The apps gather information such as location, phone identifiers, etc. The study looked at more than 88,000 apps from the Google Play store, tracking how data transferred from the apps when they were denied permissions.
The experts presented the study in late June 2019 at the Federal Trade Commissions PrivacyCon and notified Google about these issues in September 2018. Google said it would be addressing the issues in Android Q, which is expected to be released in 2019. The update will address the issue by hiding location information in photos from apps and requiring any apps that access Wi-Fi to also have permission for location data, according to Google.
For instance, researchers found that Shutterfly, a photo-editing app, had been gathering GPS coordinates from photos and sending that data to its own servers, even when users declined to give the app permission to access location data. Some apps were relying on other apps that were granted permission to look at personal data, piggybacking off their access to gather phone identifiers like your IMEI number.
Computer Science Institute announced will be releasing details with a list of the 1,325 apps the researchers discovered during the Usenix Security conference in August 2019.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now