toggle

Android apps caught sending GPS, phone numbers to ad firms

updated 02:40 pm EDT, Thu September 30, 2010

Study shows some Android apps leaking private info


A new joint study from Duke University, Intel Labs and Penn State University has found that some Android apps are sending excessive and potentially dangerous levels of location and personal info to ad producers. Of 30 free, successful apps, about half were sending advertisers the user's GPS positioning and even phone numbers beyond what they were known to do. The updates would occur even when no ads were running, Ars Technica noted, and could occur as often as every 30 seconds.

Many of the details themselves were collected through a custom-built tool, TaintDroid, that looked for instances when an app might be sending private information to an outside server and which could be compared against the actual usage patterns.

Concerns have been mounting that Google's approach to privacy policies and notifications is allowing advertisers or app developers themselves to violate personal information without the knowledge or consent of the users. Android apps regularly have a notice before an app download of what access is required, but the notices aren't specific about how the information will be used or the ultimate destination. A controversy briefly erupted this summer when a wallpaper app was caught sending information to China, although it was discovered afterwards that less was being sent than Google's own app warnings implied.

The OS has also had an issue with apps that can potentially be malicious without sending any alerts, such as a proof-of-concept exploit sent out this summer.

Google hasn't responded to the initial details of the study, which will be published in full at the Usenix Symposium on OS Design and Implementation next week in Vancouver, but it has so far recommended only that developers provide a simple way of accessing the privacy policy for a given app once it's already installed.

The approach contrasts sharply with that of Apple. While iOS developers have a smaller set of possible app features, it has explicitly prevented apps from using GPS primarily for advertising and requires that apps ask the user for permission to use location info. Excess information is still a possibility for iPhone apps and other devices but is more likely to be caught earlier.


By Electronista Staff

print
email
(18)

TAGS :  

Intel, iPhone, industry, security, Google, Android, mobile phones, Apple

Related Articles

Recent Articles

Other Articles

toggle

Previous Comments

  1. MyRightEye

    Fresh-Faced Recruit

    Joined: Apr 2008

    +15
    09/30, 03:11pm | report spam | reply

    Wow...

    That's insanely bad...


  1. ludachrs

    Fresh-Faced Recruit

    Joined: Sep 2005

    +4
    09/30, 03:18pm | report spam | reply

    Ignore the man behind the current.

    Nothing to see here move along. Free and Open hehe. I prefer the walled garden more than the "price" I don't know.


  1. SockRolid

    Fresh-Faced Recruit

    Joined: Jan 2010

    +9
    09/30, 03:22pm | report spam | reply

    Free. Open. Spamtastic.

    This is what happens in a weedpatch. Walled gardens are protected against this kind of sleaziness.


  1. iphonerulez

    Fresh-Faced Recruit

    Joined: Nov 2008

    +4
    09/30, 03:25pm | report spam | reply

    Talk about being open...

    I guess that includes end users' information, too. Oh, well, I guess this makes the Droidtards happy because anything goes without restraints. If you're just some stupid innocent low-tech end user, it's your own fault for choosing an OS with a garden where anyone can come and play without your permission.


  1. Jeronimo2000

    Fresh-Faced Recruit

    Joined: Aug 2001

    +10
    09/30, 03:28pm | report spam | reply

    I don't know why...

    ... but I find this immensely amusing. Must remember this one for future discussions with Apple haters about the whole "closed and evil Apple system" thing.


  1. facebook_Jason

    Via Facebook

    Joined: Sep 2010

    +7
    09/30, 03:36pm | report spam | reply

    sounds like jobs was right

    I'll bet there is a lot of laughter in Cupertino these days...


  1. VValdo

    Dedicated MacNNer

    Joined: May 2001

    -5
    09/30, 03:38pm | report spam | (1 reply) | reply

    WTF

    Umm, there is no exploit here. Why doesn't this summary explain that in every case the user gave the app the appropriate permission?


  1. Marook

    Forum Regular

    Joined: May 1999

    +5
    09/30, 04:14pm | report spam | (1 reply) | reply

    Re: WTF

    Ahh, no the user DID NOT!
    The App _may_ have asked to use GPS services, but it did not ask about sending your location to add agencies along with your phone number every 30 sec!

    And it seems like you can access the GPS and other info even without asking the user.. Bad, Bad developers!


  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    -8
    09/30, 04:16pm | report spam | (1 reply) | reply

    walled garden

    Um, nothing in the iOS prevents this, nor in Apple's screening of said apps.

    As the article states (the real one):

    Third-party applications that rely on sensitive features have to request permission during the installation process. ... It's a practical security measure, but one critical limitation is that there is no way for the user to discern how and when the application will use a requested feature or where it will send the information.

    So when you give your iOS game access to your GPS data, where is that information going? Are the adservers getting that?

    BTW, Apple's own iAd platform specifically lets them send your location information to the advertisers. Or did you forget that, as well?


  1. chefpastry

    Mac Enthusiast

    Joined: Nov 2005

    +2
    09/30, 05:26pm | report spam | (1 reply) | reply

    Google's response

    "On all computing devices, desktop or mobile, users necessarily entrust at least some of their information to the developer of the application. Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices
    about how to handle user data.

    When installing an application from Android Market, users see a screen that explains clearly what information the application has permission to access, such as a user's location or contacts. Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time. Any third party code included in an application is bound by these same permissions. We consistently advise users to only install apps they trust."


    I love it. Now, it's necessary to entrust our information to to developers. F*** Google!


Show More Comments
Login Here

Not a member of the MacNN forums? Register now for free.

Recently Commented Articles

Related Forum Posts

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

10 Most Read

Recent Reviews

iHome iW2 AirPlay speaker

iHome generally isn't known as a luxury brand when it comes to audio, but it is prolific -- the company's docks and speakers are every ...

Logitech Ultrathin Keyboard Cover

One of the iPad's main weaknesses has always been productivity. It's not a question of apps; while it has taken a little time for a na ...

Logitech UE Air Speaker

If maybe a little more slowly than Apple would like, AirPlay is becoming a staple of the wireless speaker market for iOS devices. The ...

toggle

Most Commented

10 Most Discussed

 
toggle

Popular News