Some Android Apps To Receive Your Data Without Permission

August 3, 2019

Written by wukovits

When it works, Android’s app permissions are awesome.

They’re straightforward and easy to understand.

When you install a new app on your phone, you’ll get a popup box that gives you a summary of what permissions the app says it needs. Then, you have the option to either accept or deny it that permission.

Sometimes, the app winds up working fine, even if you deny it the permission.  But sometimes (like in the case of a map or direction app where you don’t allow it access to geolocation data), it won’t work at all.  By and large though, the system works as intended and it gives you a fair amount of control over which apps have what permissions.

Unfortunately, things are not always as they seem.  Researchers from UC Berkeley’s International Computer Science Institute recently tested 88,000 apps from the Google Play Store. They found 1,325 instances where apps continued to collect information even after users denied them the permission to do so.

The researchers had this to say about their findings:

“Modern smartphone platforms implement permission-based models to protect access to sensitive data and system resources.  However, apps can circumvent the permission model and gain access to protected data without user consent by using both covert and side channels.

Side channels present in the implementation of the permission system allow apps to access protected data and system resources without permission, whereas covert channels enable communication between two colluding apps, so that one app can share its permission-protected data with another app lacking those permissions.”

To cite one example, the researchers discovered that the photo sharing website Shutterfly (which is commonly used for sharing and editing photos) collects GPS data from mobile phones and sends it to its own servers. That is even if users have declined the app permission to access location data.

The report estimates that based on the number of apps found to be circumventing permissions, the number of users being impacted are likely in the hundreds of millions. Even worse, there are no easy fixes for this problem.  Be aware then, that the apps you’re using are likely collecting more data about you than you realize, even if you’ve told them not to.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Send us a message

Your message was sent.