Over 1,000 Android apps found to harvest data even after owners explicitly say no

Tuesday 9 July 2019 10:34 CET | News

Researchers from the International Computer Science Institute have found up to 1,325 Android apps that were gathering data from devices even after users explicitly denied them permission.

The apps gather information such as location, phone identifiers, etc. The study looked at more than 88,000 apps from the Google Play store, tracking how data transferred from the apps when they were denied permissions.

The experts presented the study in late June 2019 at the Federal Trade Commissions PrivacyCon and notified Google about these issues in September 2018. Google said it would be addressing the issues in Android Q, which is expected to be released in 2019. The update will address the issue by hiding location information in photos from apps and requiring any apps that access Wi-Fi to also have permission for location data, according to Google.

For instance, researchers found that Shutterfly, a photo-editing app, had been gathering GPS coordinates from photos and sending that data to its own servers, even when users declined to give the app permission to access location data. Some apps were relying on other apps that were granted permission to look at personal data, piggybacking off their access to gather phone identifiers like your IMEI number.

Computer Science Institute announced will be releasing details with a list of the 1,325 apps the researchers discovered during the Usenix Security conference in August 2019.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: International Computer Science, research, apps, Android, permission, privacy, fraud prevention
Countries: World