A new scandal for Google and Android on the use of private data. Applications have managed to circumvent the prohibitions of access to certain data to harvest them anyway. They would be over 1,000.
User data has become an invaluable commodity for businesses. More and more application stories that are abusing this data collection. This leads to questions about our privacy and how these companies manage it.
On Android, an application must ask the user for permission to access certain data such as location, call log or internal storage. If he refuses, the application will not be able to access it. However, more than 1,000 of them would have found a way around this.
Photo metadata to get location
One of the techniques unveiled by research conducted by the International Computer Science Institute is the one used by the photo editing application Shutterfly (downloaded 5 million times on the Play Store ). If access to the location of the device is disabled, it will use the metadata of the image.
Gizchina News of the week
Often, when taking a picture, the location system becomes activate to record in the metadata the location of the snapshot. Shutterfly takes the opportunity to walk through the metadata of the photos and therefore it transfer locations on its servers. CNET relayed the response of a company spokesman who totally denied these accusations.
“Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions. All in accordance with Shutterfly’s privacy policy as well as the Android developer agreement,” the company said in a statement.
No access? no problem!
Some apps were relying on other apps that have permission to look at personal data. Piggybacking off their access to gather phone identifiers like your IMEI number. These apps would read through unprotected files on a device’s SD card and harvest data they didn’t have permission to access. So if you let other apps access personal data. And they stored it in a folder on the SD card, these spying apps would be able to take that information.
While there were only about 13 apps doing this, they have more than 17 million install times, according to the researchers. This includes apps like Baidu’s Hong Kong Disneyland park app, researchers said.
There are 153 apps that have that capability. Researchers found, including Samsung’s Health and Browser apps, which are installed on more than 500 million devices.
Google has been made aware of these issues and should take action to avoid this kind of abuse on Android Q. You can read the full ICSI report of 1,325 apps misusing and bypassing limitations.
