Over 1k Android apps gain your data even if denied permission

Over 1k Android apps harvest your data even if denied permission – study

More than 1,000 Android apps discovered to harvest data even after you deny permissions

So what can be done to prevent these apps from collecting this data? This leads to questions about our privacy and how these companies manage it. The study finds that several apps circumvent the permission settings and are able to gain access to protected data by exploiting both covert and side channels. While the ads aren't necessarily intrusive since they're just placed in the Share sheet, they make this menu even more cluttered.

As an example of how these workarounds are used in real life, the report noted that image publishing app Shutterfly took Global Positioning System coordinates from photos and sent that data to its servers even if the user didn't grant the app permission to obtain his location data.

Developers will, for example, need request a special permission before they can access the device IMEI and serial number.

Often, when taking a picture, the location system becomes activate to record in the metadata the location of the snapshot. Google will hide location information in photos from apps. "All in accordance with Shutterfly's privacy policy as well as the Android developer agreement", the company said in a statement. Say you don't have the Powerpoint app installed on your Android phone and you're trying to open a.ppt/.pptx file, you'll get a suggestion to download Powerpoint in the "Open with" menu.

Other apps sought to gather sensitive identifiable information, such as a smartphone's IMEI number or a router's MAC address. This data allows the information holder to pinpoint the exact location of the user, without Global Positioning System.

For instance, security updates announced in Apple's newest iOS 13 will notify users how an app is tracking them, including their location. In fact, researchers found that apps developed using Baidu's SDK may actually be storing this data as well.

These included Disney Hong Kong and Shanghai apps, Samsung's Health app, and Samsung's browser.

There are 153 apps that have that capability.

The academic study, which was published on the FTC website, shows that 1,325 of the 88,000 apps that were studied collected such information as geolocation data and phone identifiers, even if the apps weren't given the permission to do so.

Google has been made aware of these issues and should take action to avoid this kind of abuse on Android Q. You can read the full ICSI report of 1,325 apps misusing and bypassing limitations.

Latest News