September 30, 2010, 3:26 PM — Got an Android phone? Installed apps from the Android Market? Congratulations, you have been named the Mayor of We Know Where You Went and What You Did Last Week.
Even if you never use services like Foursquare or Facebook Places or Google Latitude to announce your physical location to the world, the apps you have installed may be capturing this information and sharing it with advertisers -- without your knowledge or consent.
A study by researchers at Duke University, Penn State, and Intel Research Labs has revealed that Android apps are collecting location information from users' GPS phones and sharing them without notifying users or asking for permission.
The researchers looked at 30 popular Android apps, including The Weather Channel, MySpace, Evernote, BBC News Live Stream, Yellow Pages, and Spongebob Slide. They used a home-made tool called TaintDroid to track what data was being shared and with whom. The skinny:
- Two thirds of these apps violated user privacy by sharing location data or information that could identify individual handsets.
- Half of them sent user location information to advertising networks like Admob or analytics companies like Flurry without user consent.
- Seven of the apps sent the unique device identification numbers of the GSM user and the handsets' SIM card to its servers.
- Two of the apps captured the users' cell phone number along with the ID number and the users' geographical coordinates.
Mind you, if the police wanted this information, they'd need a court order. These apps are doling it out like candy to advertising firms and storing it on their own servers. Per the study [PDF]: