Android Privacy

8% of Android Apps Are Leaking Private Information

Posted by samzenpus
from the sieve-phone dept.
kai_hiwatari writes "Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th. The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages."

  • by Anonymous Coward on Wednesday July 20, 2011 @09:32PM (#36830782)

    If you use the firewall program that you can download with Cydia, you will find that a majority of iPhone apps connect to ad sites, statistic sites, behavioral targeting sites, and many domains that have zero to do with what the app does. The end user has zero control of what an app can do, and any app can happily slurp your contacts and anything available to it and hand it over to whatever site it feels like, and only people who have JB-ed their phone would know.

    Android, it is more obvious because you don't have to jailbreak it to see the programs phoning home.

    For example, take some of the photo editing apps on the iPhone. If you look at them, they appear to just upload your photo to a website and do the core editing via that as opposed to the application doing much. So, that private photo you decide to use a 99 cent app to make humorous? It is now on someone's Web server, and they can (in theory) claim full ownership and copyright of the image at any time.

    For the tl;dr crowd, iPhone apps are just as nasty, but they hide it better, being impossible to trace unless one jailbreaks their device.

  • Re:Permissions (Score:2, Interesting)

    by Anonymous Coward on Wednesday July 20, 2011 @09:43PM (#36830866)

    Better yet, how about doing the intelligent thing and providing a UNIQUE identifier per APPLICATION. Not using the IMEI, but instead generate a UUID for each application to use as its unique id. Use a hash of some hardware value (like the IMEI) and the application's signature (I assume apps have their own UUIDs in Android for identifying applications uniquely).

    Then they can uniquely identify a specific device has a specific app installed, they also won't be able to tell (if implemented properly) by using that information which applications you also have installed. Vendor A sells me 3 apps, and it gets 3 unique IDs back for my device from all of them, meaning I no longer have to worry about sharing of that information resulting in a profile of me.

    Pretty much every reason you come up with for wanting to uniquely ID a phone revolves around targeted marketing, so let's just end that ...

    Oh wait ... Android ... Google ... hrm, yea, they aren't going to go for that one are they?
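
An added illustration of the per-application identifier idea in the comment above; it is not part of the original thread and not an Android API. It assumes a per-device secret as the HMAC key instead of a bare hash of the IMEI, because a 15-digit IMEI is guessable; the IMEIs, secrets and package names are constructed.

```python
import hashlib
import hmac
import uuid

# Constructed sample data: fake IMEIs mapped to hypothetical per-device secrets.
DEVICES = {
    "000000000000001": bytes.fromhex("11" * 32),
    "000000000000002": bytes.fromhex("22" * 32),
    "000000000000003": bytes.fromhex("33" * 32),
}
APPS = ["com.example.tetris", "com.example.photofun"]  # hypothetical package names


def raw_id(imei: str) -> str:
    """Identifier an app reports when it reads the hardware ID directly."""
    return hashlib.sha256(imei.encode()).hexdigest()


def per_app_id(device_secret: bytes, app: str) -> uuid.UUID:
    """Stable ID for one (device, app) pair, derived with a key that stays on the device."""
    mac = hmac.new(device_secret, app.encode(), hashlib.sha256).digest()
    return uuid.UUID(bytes=mac[:16])  # first 128 bits, formatted as a UUID


def linked_devices(scheme: str) -> int:
    """Count devices that two app backends can match by joining their ID tables."""
    tables = []
    for app in APPS:
        if scheme == "raw":
            # Every app sees the same value for a given device.
            tables.append({raw_id(imei) for imei in DEVICES})
        else:
            # Each app sees a value that is bound to its own identity.
            tables.append({per_app_id(key, app) for key in DEVICES.values()})
    return len(tables[0] & tables[1])


if __name__ == "__main__":
    print("raw hardware ID:", linked_devices("raw"), "devices linkable across apps")
    print("per-app ID:     ", linked_devices("per_app"), "devices linkable across apps")
```

Each backend can still count its own installs, since an ID is stable for a given device and app, but the two tables no longer share a join key.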

  • Re:Permissions (Score:4, Interesting)

    by Nirvelli (851945) on Wednesday July 20, 2011 @10:27PM (#36831082)
    This functionality is available in CyanogenMod ROMs already.
    http://slashdot.org/story/11/05/25/1221225/Cyanogenmod-Puts-Users-in-Control-of-Permissions [slashdot.org]
  • by godrik (1287354) on Wednesday July 20, 2011 @10:49PM (#36831190)

    Well, I do believe them without any problem. Half the applications I tried to install on my phone ask for ridiculously high permissions. I checked a Tetris-like game that wants to access your GPS location, your contact list and the internet. Why?

    I would love the operating system to allow you to report fake information to some application. The application wants access to your contact list? Sure, give it an empty list. It wants to know your GPS location. Sure, give a fixed user-defined location (in the middle of the ocean if possible).

  • Re:Compared to... (Score:4, Interesting)

    by TubeSteak (669689) on Wednesday July 20, 2011 @11:07PM (#36831282) Journal

    Compared to 100% of your Facebook apps! Nothing to worry about here, folks.

    Data leakage is one thing, unwanted text messages (premium SMS services are big money) is another story entirely.

  • Re:...and... (Score:3, Interesting)

    by dudpixel (1429789) on Wednesday July 20, 2011 @11:54PM (#36831498)

    Maybe it is misleading. Maybe it technically is authorized by your definition.

    However, note that ALL apps with ads need internet access, and yet the internet access gives them access to the whole internet, not just the ad server.

    This always concerns me when it's simple apps that really don't need internet access other than to display ads. How would I know what the app is doing?

    I'm normally against the walled garden approach but Google's complete hands-off thing is really starting to get serious. It's almost like they don't care about their own platform? Like they've disowned the market and they're only interested in the Google search box.

    I don't think this approach will work for Google in the long term. Why do people spend more on the App Store? Maybe it's because they trust it more...
