- Joined
- Jul 28, 2007
- Messages
- 3,327
- Reaction score
- 3,055
Study claims personal data sent to developers and advertisers without user notification
Researchers have published the results of a study showing that Android applications are sending data to their developers and online advertisers without notifying users.
The joint study by Intel Labs, Penn State and Duke University found that publicly available mobile apps from Google's Android Market have been releasing consumers' private information.
Given the open nature of Android, researchers were able to build a real-time monitoring service called 'TaintDroid' to track what end-user information is used by apps developed on the platform.
The service analyses how private information is obtained and released by apps downloaded to consumers' smartphones.
The monitoring of 30 popular applications revealed that 15 sent users' geographic locations to remote advertisement servers. Seven also sent a unique handset identifier and, in some cases, the phone number and SIM card serial number to developers.
There are currently over 200,000 applications available in Apple's App Store and over 70,000 in the Android Market, many of which access users' personal data, including their location, phone information and history to enhance the experience.
"But users must trust that applications will only use their privacy-sensitive information in a desirable way," the researchers stated.
"Unfortunately, applications rarely provide privacy policies that clearly state how users' sensitive information will be used, and users have no way of knowing where applications send the information given to them."
The researchers have now made TaintDroid available to Google smartphone users as a prototype extension to the Android platform.
Designed to identify apps that transmit private data, the tool monitors how each app accesses and uses sensitive data, such as location, camera and phone numbers, to provide feedback after using a newly installed app.
Rob Bamforth, principal analyst at Quocirca, said that the research highlighted a problem that is not limited to Google, and that this is not the first time that apps developed on the Android platform have come under the privacy spotlight.
"As we get more and more used to doing things on our mobile, we are perhaps more trusting of our mobiles than our desktops, maybe because we get them from network operators, who we think are going to offer a form of protection," he said.
"But they hold a lot of personally identifiable information, even your location in some instances, so this research highlights the risk that mobile use involves and that they need protecting."
A Google spokesperson was keen to point out to V3.co.uk that, when installing an application from Android Market, users are presented with a screen that explains what information the application has permission to access, such as location or contacts.
"Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time," the spokesperson continued.
"Any third-party code included in an application is bound by these same permissions. We consistently advise users to only install apps they trust."
Google added that users always need to entrust at least some of their information to the developer of the application.
"Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data," the spokesperson said.
Source
Researchers have published the results of a study showing that Android applications are sending data to their developers and online advertisers without notifying users.
The joint study by Intel Labs, Penn State and Duke University found that publicly available mobile apps from Google's Android Market have been releasing consumers' private information.
Given the open nature of Android, researchers were able to build a real-time monitoring service called 'TaintDroid' to track what end-user information is used by apps developed on the platform.
The service analyses how private information is obtained and released by apps downloaded to consumers' smartphones.
The monitoring of 30 popular applications revealed that 15 sent users' geographic locations to remote advertisement servers. Seven also sent a unique handset identifier and, in some cases, the phone number and SIM card serial number to developers.
There are currently over 200,000 applications available in Apple's App Store and over 70,000 in the Android Market, many of which access users' personal data, including their location, phone information and history to enhance the experience.
"But users must trust that applications will only use their privacy-sensitive information in a desirable way," the researchers stated.
"Unfortunately, applications rarely provide privacy policies that clearly state how users' sensitive information will be used, and users have no way of knowing where applications send the information given to them."
The researchers have now made TaintDroid available to Google smartphone users as a prototype extension to the Android platform.
Designed to identify apps that transmit private data, the tool monitors how each app accesses and uses sensitive data, such as location, camera and phone numbers, to provide feedback after using a newly installed app.
Rob Bamforth, principal analyst at Quocirca, said that the research highlighted a problem that is not limited to Google, and that this is not the first time that apps developed on the Android platform have come under the privacy spotlight.
"As we get more and more used to doing things on our mobile, we are perhaps more trusting of our mobiles than our desktops, maybe because we get them from network operators, who we think are going to offer a form of protection," he said.
"But they hold a lot of personally identifiable information, even your location in some instances, so this research highlights the risk that mobile use involves and that they need protecting."
A Google spokesperson was keen to point out to V3.co.uk that, when installing an application from Android Market, users are presented with a screen that explains what information the application has permission to access, such as location or contacts.
"Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time," the spokesperson continued.
"Any third-party code included in an application is bound by these same permissions. We consistently advise users to only install apps they trust."
Google added that users always need to entrust at least some of their information to the developer of the application.
"Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data," the spokesperson said.
Source
