Forgot your password?
typodupeerror
Android Privacy Communications Handhelds Security

The App That Tracks Who's Tracking You 52

Posted by timothy
from the perfect-disguise-for-a-backdoor dept.
Daniel_Stuckey writes "It's no secret that apps like maps or local weather know your current location, and you're probably cool with that because you want to use the handy services they provide in exchange. But chances are there are many other apps on your phone, anything from dictionaries to games, that are also geolocating your every move without your knowledge or permission. Now researchers are developing a new app to police these smartphone spies, by tracking which apps are secretly tracking you, and warning you about it. Before your eyes glaze over at the mention of yet another privacy tool, it's worth noting that this new app is the first to be able to provide this line of defense between snooping apps and smartphone users for Android phones. Android's operating system is engineered not to allow apps to access information about other apps. But a team at Rutgers University found a way around that, by leveraging a function of Android's API to send a signal whenever an app requests location information from the operating system. MIT Technology Review reported on the research today."
This discussion has been archived. No new comments can be posted.

The App That Tracks Who's Tracking You

Comments Filter:
  • by fche (36607) on Thursday January 30, 2014 @02:54PM (#46112677)

    Briefly reading TFA, these guys are analyzing people's reactions to various privacy-warning user interface options. Their baby app that heuristically monitors location-api usage is far less capable than xprivacy or its kin of android tools.

    • While technical proficiency is a necessary feature, and doesn't really have any substitutes, I suspect that any attempt to extend meaningful privacy protection beyond paranoic geeks, recreational cypherpunks, and reasonably smart pedophiles who want to stay on the outside, will depend heavily on human-interface and psychology research in addition to technical prowess.

      People underestimate how potent aggregated privacy compromises are, and they are (even when trying to cover their tracks) pretty easy to 's
  • I can't find any good information on this either way, but in the past any Android app could read anything stored on external media - and some apps are stored to external media, meaning that any application could monitor them.

    Is that still the case? Or do apps not have full read permissions on external media in Android if they are granted permission to access it?

    Also on a side note it seems like if you grant an app permission to read SMS messages it could also monitor at least that activity...

    • by Delwin (599872)
      As of Android 4.4.2 apps can only access their own directories in external media. Needless to say this broke a number of apps like file browsers.
      • That's good to know, I can't believe that existed until 4.4.2...

        Hopefully there is no new permission that would let the "file browsers" work again!

  • by Anonymous Coward

    Despite Google yanking App Ops out of Kit Kat in the latest update, you can still put it back in [howtogeek.com].

    No need for Angry Birds to have access to your information. Simply limit what it can access and forget it.

  • by Anonymous Coward on Thursday January 30, 2014 @03:02PM (#46112765)

    There's a way for an app to discover and report on what other apps are doing? FAN-BLOODY-TASTIC! Because THAT'S not a security hole at all!

  • The actual metadata is collected at, or near, the source, they only download app "fixes" when you're actively being pursued.

    So, this will give a false sense of security to the 99.9 percent of American citizens who are being tracked by the NSA in an Unconstitutional and Illegal manner.

    Oh, and we know exactly where you are even when you turn off location services, btw.

  • by Anonymous Coward

    Or maybe, Android could deny approval of applications that try to seek location data for applications that have no location based function. Data mongering fuckers.

    • Re:Android's policy (Score:5, Informative)

      by tlhIngan (30335) <(ten.frow) (ta) (todhsals)> on Thursday January 30, 2014 @03:32PM (#46112991)

      Or maybe, Android could deny approval of applications that try to seek location data for applications that have no location based function. Data mongering fuckers.

      Android doesn't already have this? I mean, iOS has been asking about location usage for ages, and has an option to disable location services for individual apps for a while now. (An interesting side effect is that access to stored photos ALSO brings up the location services question as photos may have geotags in them - so apps can't get around it by snapping photos and reading out the geotag information).

      And anyhow, you can always turn off location services on Android to keep apps from getting your location information.

      OTOH, one has to consider that to Google, Android is really there to prevent Apple from locking Google out of mobile advertising. It's why Google acquired Android and why they made it open-source. Google knows mobiles would be a big part of it (and mobile traffic is roughly 2:1 iOS:Android), and that Apple could easily strangle Google in this field, hence, Android.

      So perhaps it's all by design - Google's not wanting to give up mobile advertising. Sure they'll probably toss a bone or two - just enough to hobble mobile advertising competitors, but not Google's own advertising networks...

    • Or maybe, Android could deny approval of applications that try to seek location data for applications that have no location based function. Data mongering fuckers.

      Didn't think there was any approval process in Android. So you install an app, it may tell you that it wants your location data, and if you say "no" it won't work. Your choice of giving up your location or not using the app. Minor case of blackmail. That's where the "walled garden" approach comes handy. If your app needs location data for no good reason then it doesn't get on the store. If it refuses to perform functions that don't need location data, when the user refuses to allow access to location, it do

  • by nani popoki (594111) on Thursday January 30, 2014 @03:16PM (#46112853) Homepage
    This is an app that exploits a security hole to detect apps that are exploiting a security hole? What's wrong with this picture?
    • Turtles? (Score:4, Funny)

      by Anonymous Coward on Thursday January 30, 2014 @03:29PM (#46112955)

      It's trackers all the way down.

    • "Yo, dawg! I heard you like....

      Nah, it's just to easy.

      What's wrong with this picture?

      How much time do you have? How long is your attention span? Did you bring food?(this could take a long time)

      I guessed you were asking a rhetorical question and already know some/most of the answers, so I did not elaborate.

      If that was a serious question, reply back and I will try my best for you; if not, just ignore my stirring of the puddle. :-)

    • by Chemisor (97276)

      There is nothing wrong with this picture. Monopolizing a hole has been a successful evolutionary strategy for millions of years.

  • by arisvega (1414195) on Thursday January 30, 2014 @03:23PM (#46112909)

    .. if you go hastefully through the ToS it is very easy to miss that _some_ data will be communicated to 'momma' server _anyway_, regardless of user control settings, and that they reserve the right to do basically whatever they want with it.

    Their stated intentions for the collected data, should they (the company behind the addon, working with Mozilla for the time being) not be acquired, go bankrupt or 'experience corporate restructuring', is to produce a public internet map with it to show which megacorp is connected to which other megacorp- but there is no link or even a timeline for that, and they are not really clear as to what data they will make public, how, when and where.

    I have my doubts for them, as I do for this app.

  • by koan (80826)

    To the best of my knowledge Android doesn't allow you to set specific permissions on the app, only to agree or disagree. (on my Nexus 7 2nd Gen)
    Android, if they allow the app, will release a patch to stop the "exploit" it's using.

    They also don't allow you to access attached USB storage without rooting or other "work around" apps.

    There's a reason for this.

  • Privacy Guard blocks location access to whatever apps it is enabled for.

    Generally though, I examine the permissions an app requests _before_ I install it, and if it wants permissions it doesn't need, I don't install it in the first place.

  • by SirJorgelOfBorgel (897488) on Thursday January 30, 2014 @07:29PM (#46115571)

    Immediately after reading the summary, I suspected this would just use "getLastKnownLocation" and correlate that with the foreground app. From searching through TFA, that is indeed the case. Technically, not very interesting at all.

  • How about an app that tracks who's tracking you, then mails thousands of junk e-mails to every officer in the companies tracking you.
  • Oh I dunno, my Galaxy becomes unstable enough with an average sized suite of apps. I can't see how adding more to tell you about the status of the status is really going to help.

What this country needs is a good five cent microcomputer.

Working...