Google Android apps found to be sharing data

Android logo, Google The team studied 30 of the 358 most popular Android apps

Related Stories

Some of the most popular apps written for Google's Android phones do not tell users what is done with data they gather, says a study by US researchers.

Half of 30 applications studied share location information and unique identifiers with advertisers.

Information about the data gathering was collected using software developed by the team.

App creators should provide more information what will be done with harvested data, they say.

The team of computer scientists from Intel Labs, Penn State, and Duke University chose 30 out of the 358 most popular Android apps that, when installed, ask for permission to get at location, camera and audio data.

Using an extension to the Android operating system called TaintDroid, created by the team, they logged what the applications did.

This revealed that 15 of the apps sent location information to advertisers but did not inform users that data was being shared with those firms. Some apps gathered and despatched location information even when an application was not running and some sent updates every 30 seconds.

One application gathered data and sent it as soon as it was installed but before it was run for the first time.

TaintDroid also found that seven of the apps shared unique identifiers, known as IMEI numbers, when sending data. Others despatched phone numbers or SIM card serial numbers.

Trust model

The researchers said that while many Android apps ask for permission to gather information they did not do enough to inform users what was going to be done with that data or who it would be shared with.

They criticised the fact that users must "blindly trust" applications to play fair with data that they gather.

"Android's coarse grained access control provides insufficient protection against third-party applications seeking to collect sensitive data," wrote the researchers in a paper about their work.

Mobile security analyst Nigel Stanley from Bloor Research said the loose permission system could prove a boon for hi-tech thieves.

"The blanket permissions a user gives on installing an app can give carte blanche to malware and spyware providers to collect as much private data as they want, under the protective nicety of a simplistic warning from the operating system," he said.

In a statement, Android creator Google said users necessarily entrusted all computing devices with some of their information.

"Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer," it said. "We also provide developers with best practices about how to handle user data."

It added that when apps are installed they show a screen detailing what information that program will access and users must give permission for installation to go ahead. Google said warnings were also given when apps are updated.

"We consistently advise users to only install apps they trust," it said.

The research and the TaintDroid program are due to be presented at the Usenix symposium on Operating Systems Design and Implementation (OSDI 10).

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • HandshakeKiss and make up

    A marriage counsellor on healing the referendum hurt


  • Pellet of plutoniumRed alert

    The scary element that helped save the crew of Apollo 13


  • Burnt section of the Umayyad Mosque in the old city of AleppoBefore and after

    Satellite images reveal Syria's heritage trashed by war


  • Woman on the phone in office10 Things

    The most efficient break is 17 minutes, and more nuggets


  • Amir TaakiDark market

    The bitcoin wallet with controversial users


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.