Android Apps Are Spying on Users Even After Being Denied Permission

Sheri Evans
July 10, 2019

They found 13 apps were exploiting this covert channel to get the IMEI information and 159 apps had the potential to do the same. If a user let one app access data on an SD card, for example, another app without that permission could still read its contents. But as it turns out, thousands of apps area capable of working around Android's permissions system and collect data to be sent back home anyway.

The unauthorized access to user data also involves access to the actual Global Positioning System coordinates of the device and geolocation data; the Shutterfly app has been found sharing geolocation data back to its servers.

"If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless", said Serge Egelman, director of usable security and privacy research at UC Berkeley's International Computer Science Institute, which produced the research.

There were also apps that were relying on other apps that were granted permission to look at personal data like your IMEI number. Further, there were apps using MAC addresses of the connected Wi-Fi base stations from the ARP cache (Address Resolution Protocol Cache) as a surrogate for location data. This data allows the information holder to pinpoint the exact location of the user, without Global Positioning System.

A$AP Rocky reportedly held under inhumane conditions in Swedish prison
Tyler, the Creator has vowed never to perform in Sweden again following A$AP Rocky's arrest there last week. The lawyer told AFP on Monday his client subsequently chose to appeal to Sweden's Supreme Court.

Virgin Galactic to become first space-tourism company to go public
Virgin Galactic and Social Capital Hedosophia did not respond to requests for comment from Reuters outside regular business hours. The race in becoming the first public company involved in space flight is officially ended, and Virgin Galactic won it.

Klopp agent gives concerning update on links to Germany job
However his agent has suggested that any other club will find it hard to afford the former Borussia Dortmund boss. Wijnaldum, Henderson, Milner, Fabinho - they're all workmanlike.

While most research has been focused on apps and platforms that gather information through more official channels - Facebook and Google chief among them - less attention is paid to those that may be gleaning information through side-channels.

Of course, the report's scope only includes 88,000 apps - more could be violating permissions without user notice. The report notes that apps used as smart remote controls often do this even though there is no legitimate reason for them to have a user's location data. Shutterfly takes the opportunity to walk through the metadata of the photos and therefore it transfer locations on its servers. If this happens, sharing something on Android would really become a pain in the neck, as quickly finding a specific app would be much harder.

The researchers say that they've notified Google about these issues last September.

Besides this, Manuel Vonau of Android Police says that he also got app install prompts while trying to open files formats which be opened by Microsoft apps like Word, Excel, Powerpoint etc.

Other reports by

Discuss This Article