Android apps caught data snooping

[nsane.forums]

Study claims personal data sent to developers and advertisers without user notification

Researchers have published the results of a study that has found Android applications are sending data to their developers and online advertisers without notifying their users.

The joint study by Intel Labs, Penn State, and Duke University has identified that publicly available mobile apps from Google’s Android marketplace have been releasing consumers' private information.

Given the open nature of Android, researchers were able to build a real-time monitoring service they have called "TaintDroid,’ to track what end-user information is used by apps developed on the platform.

The service analyses how private information is obtained and released by apps downloaded to consumers’ smartphones.

Its monitoring of 30 popular applications revealed that 15 sent users' geographic location to remote advertisement servers. Seven of the 30 applications also sent a unique handset identifier, and, in some cases, the phone number and SIM card serial number to developers.

There are currently over 200,000 applications available in Apple's App Store and over 70,000 in Android's Market, many of which access users' personal data, including their location, phone information, and usage history to enhance their experience.

“But users must trust that applications will only use their privacy-sensitive information in a desirable way,” the researchers stated. “Unfortunately, applications rarely provide privacy policies that clearly state how users' sensitive information will be used, and users have no way of knowing where applications send the information given to them.”

The researchers have now made TaintDroid available to Google smartphone users as a prototype extension to the Android platform.

Designed to identify apps that transmit private data, the tool monitors how each app accesses and uses sensitive data, such as location, camera and phone numbers, to provide feedback after using a newly installed app.

Rob Bamforth, principal analyst at Quocirca, said the research had highlighted a problem that was not limited to just Google and added that this is not the first time that apps developed on the Android platform have come under the privacy spotlight.

“As we get more and more used to doing things on our mobile, we are perhaps more trusting of our mobiles than our desktops, maybe because we get them from network operators, who we think are going to offer a form of protection,” he said.

“But they hold a lot of personally identifiable information, even your location in some instances, so this research highlights the risk that mobile use involves and that they need protecting.”

A Google spokesperson was keen to point out to V3.co.uk that, when installing an application from Android Market, users are presented with a screen that explains what information the application has permission to access, such as a user's location or contacts.

“Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time," the spokesperson continued.

"Any third party code included in an application is bound by these same permissions. We consistently advise users to only install apps they trust."

Google added that users always need to entrust at least some of their information to the developer of the application.

"Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data,” the spokesperson added.

View: Original Article

[HX1]

That is an absolute shame.. I was looking the droidx last night..