Leading tech companies store tons of data regarding users’ locations, their friends or their interests, making online privacy almost a joke.
Lawmakers are making it part of the privacy regulations and that the users’ data should be controlled with app permission. Though Apple and to advance privacy, still many apps find alternate ways to fetch data.
found out around 1,325 Android apps that get hold of users’ data even if the permission to access the data is not granted. By the end of June, the director of usable security and privacy research at the ICSI, Serge Egelman presented the findings at the privacy of the .
At the conference, Egelman talked about how there are only a few tools available to users through which they can control their privacy over devices and make other relevant choices. There is no point of asking permission from consumers if apps can easily by-pass the system checks.
Researchers informed Google and FTC in September 2018, said Eagleman. Google replied that they would be resolving the issues in Android Q that will probably come out this year.
According to Google, in the latest update, location information from photos will be hidden from the apps. Apps that access Wi-Fi will need to have permission to obtain location data.
Around 88,000 apps on Google Store were analyzed to check how these apps transfer data when their permission is rejected. Researchers identified 1,325 apps that used workarounds hidden in its code to unethically obtain personal data from either Wi-Fi connections or from the metadata of photos.
A photo editing app, Shutterfly was found to be collecting GPS data from photos even when it was not given the permission but the data was then sent to its server.
Rejecting the findings of researchers, the spokeswoman of Shutterfly said that the app only collected location data, that also through clear means.
There were some apps that gathered data from other apps that were granted permission to access the device’s data. The unprotected files on SD cards of the devices were read by these apps and from there they would get access to data they were denied permission to.
13 of the apps, that were installed 17 million times were doing this to get access to data, including the Baidu’s HongKong Disneyland park app.
According to researchers, 152 apps that are installed on 500 million devices have the capability, including Health and Browser apps of Samsung.
Other apps got location data through Wifi and MAC address of routers.
The interesting thing is to look forward to Egelman who said he will be revealing the list of 1,325 apps that were discovered by researchers.