1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

More than 1,000 Android apps discovered to harvest data even after you deny permissions

By nanoguy · 11 replies
Jul 8, 2019
Post New Reply
  1. We’ve become used to the idea of app stores that are supposed to be populated by curated apps with no malicious intent. Both Google and Apple force apps to ask you for permission to use your contacts list, messages, files, camera or location, but those apps do have alternative ways to funnel that data even after you’ve denied them access.

    In the case of Android apps, researchers at the International Computer Science Institute found at least 1,300 apps from a pool of 88,000 studied that have no less than 50 ways to circumvent what you didn’t consent to on the Permissions screen. They span the entire range of categories, and even popular third-party SDKs and libraries were examined, only to find them littered with code that can be used for storing personal user data.

    The findings were presented at the Usenix Security Conference and highlight two common ways in which Play Store apps circumvent access restrictions. The first has to do with Android and third-party SDK vulnerabilities, such as with Unity which somehow allows dozens of apps to store unique identifiers for your mobile device.

    The second one is called “covert channels,” which is short speak for apps that have a clever or unorthodox way to share user information with apps that don’t have the same permissions. For example, third-party libraries from Chinese companies Baidu and Salmonads use the SD card to store sensitive information that can then get passed to apps that shouldn’t technically have access to it. Mind you, there are 153 such apps that are installed on over 500 million devices.

    Google rewarded the researchers for the findings and has promised to address the issues in Android Q, which is supposed to have a focus on privacy.

    In any case, the company has an even bigger responsibility on its hands that it can’t ignore, as malicious apps can dwell in the Trending section of the Play Store long enough to affect hundreds of thousands of users.

    When it comes to protecting our personal data, few of us take the time to address how much of it is gobbled up by tech companies, even though there are just a few simple steps that can help you do just that and they cost nothing at all.

    Permalink to story.

     
  2. VitalyT

    VitalyT Russ-Puss Posts: 4,478   +3,036

    So much for the Android's freedom. I think I will stick to iPhone-s for a bit longer.
     
    warLoc, Shadowboxer, MaitieS and 2 others like this.
  3. wiyosaya

    wiyosaya TS Evangelist Posts: 3,993   +2,290

    Can't say I am surprised.
     
  4. EClyde

    EClyde TS Evangelist Posts: 1,833   +678

    That does it. I am only going to use Pop Tarts from now on
     
    JaredTheDragon and Nobina like this.
  5. Misagt

    Misagt TS Maniac Posts: 288   +206

    This is why I stay away from android apps.
     
  6. DaveBG

    DaveBG TS Maniac Posts: 413   +155

    USE CUSTOM ROMs people! ffs! Everyone knows this at this point... or at least anyone that has ability to read and write...
     
    JaredTheDragon and Impudicus like this.
  7. Fearghast

    Fearghast TS Addict Posts: 130   +89

    TBH I am not even surprised, it's happening on iOS and it's happening on Android as well.
    Only a delusional person thinks his device is "safe", nobody can crack it, nobody will track you etc.
     
  8. Eldritch

    Eldritch TS Addict Posts: 128   +125

    And how exactly a custom rom more secure than stock roms? Remember, the problem illustrated here is not the ability to deny permissions but apps bypassing the restrictions and gathering data anyway.
     
    thelatestmodel and max0x7ba like this.
  9. Jimster480

    Jimster480 TS Booster Posts: 71   +62

    Using a custom rom doesn't fix this problem at all.
    unless you make using your phone a part time job by locking down every aspect of it with tons of custom utilities.
    Because apps creating files that then other apps can read is hard to prevent... and some apps don't work without specific permissions.
     
  10. JaredTheDragon

    JaredTheDragon TS Guru Posts: 583   +383

    I agree, but it's funny how I get all my comments deleted here that say exactly the same thing as you, and then a couple days later they "break the news".

    Techspot, take note: that's not "trolling", it's DRAGONING. Get over it.
     
  11. Markoni35

    Markoni35 TS Booster Posts: 196   +93

    Yeah, I get that a lot too. Seeing too much into the future. Some sites are even worse.

    For example TED.com is extremely conservative and dogmatic, for an allegedly very liberal and open-minded site. They are worse than Spanish Inquisition a few hundred years ago. Criticism of a talk is not allowed. You can only agree. So no wonder that almost all the comments agree with the talk, when they disable the comments that didn't. They've learned democracy from North Korea.
     
  12. hk2000

    hk2000 TS Booster Posts: 65   +28

    People actually believe the "permissions" thing? If it enters your device, you must assume it's public.
     

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...