Android Apps Caught Sending Private Data to Advertisers

A study using an application called "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones," conducted by Intel Labs, Penn State Univesity, and Duke University found that a number of Android apps were sending user data, including location, back to advertisers. In fact, the study found, one-half, or 15 out of 30 of the apps tested, shared some private data.

"TaintDroid" itself is a real-time monitoring service that researchers used to track the flow of "privacy-sensitive data" through third-party Android apps. The full study is here (.PDF). TaintDroid looks for taints, or data from privacy-sensitive sources.

The TaintDroid research found that 15 of the 30 apps send users' "geographic location to remote advertisement servers." Additionally, seven of the 30 applications send a unique hardware hardware identifier and, in some cases, even send the phone number and SIM card information. Researchers said they identified 68 cases of "potentially misused private information" by 20 apps.

In August, Google banned, then later restored a series of wallpaper apps from the Android Market, that were similarly collecting such data. In that case, Google eventually said that the developer was simply overzealous.

Google, in response to the finding, reminded that all Android Market apps indicate which "permissions" they require. They said:
When users install an Android Market app, the spokesperson said, "users see a screen that explains clearly what information the application has permission to access, such as a user's location or contacts. Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time. Any third party code included in an application is bound by these same permissions. We consistently advise users to only install apps they trust."
True, but just as with the end-user license agreements (EULAs) attached to software, how many people really read that?

The following applications were used in the study. However, researchers didn't reveal which of them were "culprits" in the study. They were: The Weather Channel, Cestos, Solitaire, Movies, Babble, Manga Browser, Bump, Wertago, Antivirus, ABC Animals, Traffic Jam, Hearts, Blackjack, Horoscope, 3001 Wisom Quotes Live, Yellow Pages, Dastelefonbuch, Astrid, BBC News Live Stream, Ringtones, Layer, Knocking, Barcode Scanner, Coupons, Trapster, Spongebob Slide, ProBasketBall, MySpace, ixMAT, and Evernote.
Tags:  Android, Google, Privacy
Super Dave 4 years ago

[quote user="News"]However, researchers didn't reveal which of them were "culprits" in the study.[/quote]

Sad that they didn't expose the dirty rats.Sad

3vi1 4 years ago

>> True, but just as with the end-user license agreements (EULAs) attached to software, how many people really read that?

The same number that aren't idiots? EULA's don't enable trojans if you don't read them, while permissions screens do.

People are actually kind of idiots if they don't read EULAs nowadays, as there are so many spyware apps that attach themselves to seemingly decent programs.  Of course, I haven't seen an EULA in a long time - because that annoyance doesn't exist on free operating systems/applications.

realneil 4 years ago

It's the same old commershmicahn BullSh*t where they don't give a rat's a*s for you, as long as they can make a dime off of funneling info about you to others. It should be against the law and Google shouldn't enable the creeps either.

NDavis 4 years ago

It's not a fair to compare a EULA to the permission list on Android. They're not even remotely similar,

unless you are saying that they are similar because *you* don't read either. I don't read through EULAs,

but I can take the 5-10 seconds to gloss over the permission list and make sure that functionality

and permissions match.

This problem is not limited to Android, but ironically, Android is the best operating system out there with

regards to your privacy because of the application permission list. Most other mobile operating systems offer no such warnings, and you rely solely on the virtue of application developers, or in the case of iOS, on Apple.

This article and duplicates on popular news sites have all been junk. Most either don't mention or like in this one, completely disregard what Android does to try to ensure your privacy.

Are you going to get angry at Apple or Microsoft because a desktop application is doing things it shouldn't? Are you not being protected enough by them?

There's a point where it becomes the user's responsibility for making sure they don't download these types of applications, and Google enables the user to do it more so than any other mobile operating system out there.

3vi1 4 years ago

Well said.

3vi1 4 years ago

Odd that the original article comes from MSnbc, eh?

Now... which company has just released an OS for phones and would want to use FUD to smear Google/Android right before the holiday buying season?


digitaldd 4 years ago

I just wish people would realize that Rooting/Jailbreaking are security vulnerabilities. I think its called AppUnlocking on Windows mobile same difference.

Post a Comment
or Register to comment