Is your Android phone spying on you?

A new study reveals that many popular Android apps are tracking your location and your handset without telling you.

By  

Got an Android phone? Installed apps from the Android Market? Congratulations, you have been named the Mayor of We Know Where You Went and What You Did Last Week.

Even if you never use services like Foursquare or Facebook Places or Google Latitude to announce your physical location to the world, the apps you have installed may be capturing this information and sharing it with advertisers -- without your knowledge or consent.

[ See also: Warning: Fake LinkedIn spam can steal your bank passwords ]

A study by researchers at Duke University, Penn State, and Intel Research Labs has revealed that Android apps are collecting location information from users' GPS phones and sharing them without notifying users or asking for permission.

The researchers looked at 30 popular Android apps, including The Weather Channel, MySpace, Evernote, BBC News Live Stream, Yellow Pages, and Spongebob Slide. They used a home-made tool called TaintDroid to track what data was being shared and with whom. The skinny:

  • Two thirds of these apps violated user privacy by sharing location data or information that could identify individual handsets.
  • Half of them sent user location information to advertising networks like Admob or analytics companies like Flurry without user consent.
  • Seven of the apps sent the unique device identification numbers of the GSM user and the handsets' SIM card to its servers.
  • Two of the apps captured the users' cell phone number along with the ID number and the users' geographical coordinates.

Nice.

Mind you, if the police wanted this information, they'd need a court order. These apps are doling it out like candy to advertising firms and storing it on their own servers.  Per the study [PDF]:

This finding demonstrates that Android’s coarse-grained access control provides insufficient protection against third-party applications seeking to collect sensitive data. Moreover, we found that one application transmits the phone information every time the phone boots. While this application displays a terms of use on first use, the terms of use does not specify collection of this highly sensitive data.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness