According to a new research, about 1000 apps are there which can access your data and location, even after you say no to their access. Researchers find out that there are more than fifty ways that allow these apps can to gather precise geolocation data and phone identifiers behind your back.
Highlights of this research shows that in this world where we are extremely connected to our phones and mobile apps it is impossible to maintain our privacy online. These social sites and other tech companies have records of millions of people around the world, where they are going, their friend list, even who they are meeting.
Various privacy regulations and actions were taken by every giant tech companies. Many new features are being introduced by Apple and Google to improve people’s privacy, but many apps still find out some ways to break these barriers and dig out all the information.
88,000 apps from the Google Play store were taken as a sample for this research by the researchers from the International Computer Science Institute. Their data transfer process were investigated by these researchers after the user denied them permission to access data. These researchers found up to 1,325 Android apps remained unaffected even after the denial of the permissions. They used different setups and techniques in order to collect data from sources across the phone’s software.
Out of these 1325 apps the one which was mentioned by name was Shutterfly. It is a app used for the editing of photos. This app gathers GPS coordinates of where photos were taken and then sends the information to its own servers, according to researchers, whether users allowed or declined the app permission to access their location. Later, the company said in a statement:
In late June, director of usable security and privacy research at the ICSI, Serge Egelman presented this study at the Federal Trade Commission’s PrivacyCon. He said at the conference:
“Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it,”If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless.”
Last September, Researchers also reported Google and also FTC about these issues. Google responded that it will focus on these issues in Android Q, which is expected to release this year. According to the Google, the location information in the photos will not appear to these apps in the new update. Apps that access WiFi will require to have permission for location data.
There are also some spying apps that are depending on other apps, which are allowed to look at personal data. These apps actually look for the unprotected files on a device’s SD cards and then they take data from these files without any permission. According to the researchers, there were only about 13 apps spying like this and they were installed more than 17 million times. One example of such apps includes Baidu’s Hong Kong Disneyland park app. Some Samsung’s Health and Browser apps are also included in these lists.
In August, details with a list of the 1,325 apps the researchers discovered will be given, when Egelman will present the study at the Usenix Security conference.