Sunday , October 20 2019
Home / slovenia / Over 1000 apps from Android collect data without user permissions

Over 1000 apps from Android collect data without user permissions

When you first launch the Android app Specify what the application will have access to and what you are not (contacts, SMS, calendar, location, etc.), you reasonably expect this to be held and will not change automatically.

The research team from the International Institute of Computing (ICSI), the International Institute of Computer Science, presented a study at this year's PrivacyCon conference, which privacy expectations are often unfounded.

1325 applications collect data without consent

Android Q will allow you to manage your application applications more. Source: XDA Developers

They are in the study examines 88,000 applications from the Google Play store online store. They found that 1,325 applications collected user and device data despite refusing access to the user.

One way of disguised data collection is that the rejected access application simply reads saved data from other applications with a permitted access, located on the SD card or in the phone's internal memory. The approach also works if two applications are not developed by the same developer. Suffice it to be based on the same program code development code.

And here, Samsung?

They also have the ability to read such data Samsung's standard apps, such as the browser and health, because they are based on the development versions of the Chinese web giant Baidu software code. In addition, they also use the code of the analytical firm Salmonada that sells data for advertising companies.

Again, other apps have accessed location data so they use a Wi-Fi connection it recognizes the MAC address of the routerto which the device is connected, and send the data to the developer servers. In addition, they also send data on the network's name to the servers, which in combination with the router's MAC address is a good substitute for accurate location data.

The researchers also highlighted the photo application Sheathfly, which sent the correct GPS coordinates of the device to the developer servers despite the fact that they denied access to location data on the device.

The application simply received location information from EXIF ​​image data, including the coordinates on which the image was created. Application developers deny collecting data without user knowledge.

Q version of Android more secure?

Google was familiar with the results of the survey, and the representatives assured that such data collection procedures would be disabled by the Q version of the Android operating system. It will be in applications standard system-disabled access device location data.

Researchers believe this is not enough, as the phone manufacturer is traditionally slow with Android version versions – as many as 60 percent of all Android devices are still running on a three-year version of N.

Source link