Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Android Privacy Security

Permission-Greedy Apps Delayed Android 6 Upgrade So They Could Harvest More User Data (zdnet.com) 62

Android app developers intentionally delayed updating their applications to work on top of Android 6.0, so they could continue to have access to an older permission-requesting mechanism that granted them easy access to large quantities of user data, research published by the University of Maryland last month has revealed. From a report: The central focus of this research was the release of Android (Marshmallow) 6.0 in October 2015. The main innovation added in Android 6.0 was the ability for users to approve app permissions on a per-permission basis, selecting which permissions they wanted to allow an app to have. [...] In research published in June, two University of Maryland academics say they conducted tests between April 2016 and March 2018 to see how many apps initially coded to work on older Android SDKs were updated to work on the newer Android 6.0 SDK. The research duo says they installed 13,599 of the most popular Android apps on test devices. Each month, the research team would update the apps and scan the apps' code to see if they were updated for the newer Android 6.0 release. "We find that an app's likelihood of delaying upgrade to the latest platform version increases with an increase in the ratio of dangerous permissions sought by the apps, indicating that apps prefer to retain control over access to the users' private information," said Raveesh K. Mayya and Siva Viswanathan, the two academics behind the research.
This discussion has been archived. No new comments can be posted.

Permission-Greedy Apps Delayed Android 6 Upgrade So They Could Harvest More User Data

Comments Filter:
  • by bit trollent ( 824666 ) on Tuesday July 16, 2019 @11:09AM (#58934422) Homepage

    Sometimes I feel strange when I think about just how many people have access to my location data, messages, phone logs, and probably even screen captures.

    That's one thing Apple did really well from the beginning.. they didn't turn your phone into a voyeuristic spying device.

    I just wish I could pay for apps with cash instead of data, but many apps, especially games will require tons of permissions to 'play for free' and won't have a version available for purchase which doesn't spy on your most intimate phone conversations.

    Too bad... I hardly ever install apps on my phone these days, just form the shear creep factor...

    • by Anonymous Coward

      I've always been a Linux guy, since before Linux had its current version numbering scheme, back when you had to hexedit the bootstrap block with corrected major/minor device numbers if you wanted to boot from a SCSI drive.

      This led me to naturally prefer the more "open" and "free" Android OS over the (to my perception) walled-garden, more "monopoly"-friendly Apple ecosystem. I used Android for years, and kept patiently waiting for some level of decent security to descend upon that product. It never arrived

    • I feel like the critical missing piece is the ability to filter out ad support and in-app purchases when searching for apps on the Play Store. That would dump developers into buckets of how they monetize.

      As it is, it's super difficult for traditional licensed apps to get visibility over the malware.

  • by account_deleted ( 4530225 ) on Tuesday July 16, 2019 @11:29AM (#58934556)
    Comment removed based on user account deletion
    • From a cursory look at the paper, it reads like a textbook example of confirmation bias. https://weis2019.econinfosec.o... [econinfosec.org]

    • by tlhIngan ( 30335 )

      Or it could simply be the ad libraries the app uses wasn't updated to Android 6, because the ad companies delayed the update.

      Most developers will write code properly. However, the libraries you use often dictate the extra permissions, especially since you want to eat and thus need to add that ad library to help you make some money. But you're beholden to the ad company and their permission set now.

  • by ZorinLynx ( 31751 ) on Tuesday July 16, 2019 @11:35AM (#58934610) Homepage

    To get around this, Android could offer the fine-grained permissions even to apps on the older API, and simply provide no data, or bad data, to applications that ask for data you have denied them access to.

    For example, lots of apps ask for access to contacts, because it's a great way to harvest information. Just provide an option to allow them access to automatically generated, fake contacts. Not only is your privacy preserved, but we get to fill the app developers' data mining with bad data! It's like a double-win.

  • A checklist applications that needs the users sexual preferences, sure they can do that.
  • google & android is as bad as facebook when it comes to using people as a product to sell to marketers, does apple do this with the iphone? i may switch to iphone if it respects people's privacy and does not sell or give away my personal information to marketers
    • by Darth ( 29071 )

      apple does not sell user information to marketers and the information it keeps for its own purposes is a anonymized and aggregated with other user information. you can opt out of that by turning it off in the privacy settings in the phone.

"The great question... which I have not been able to answer... is, `What does woman want?'" -- Sigmund Freud

Working...