Hundreds of Android apps steal your data even if you deny permission, study reveals
Millions of users are potentially being affected, researchers claim
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.More than 1,000 apps are gathering personal data from our smartphones despite not having permission, a study has revealed.
Up to 1,325 Android apps available on the Google Play store could be secretly tracking people, researchers at the International Computer Science Institute in California discovered.
The apps use hidden work-arounds to bypass permission systems within the Android operating system.
“Our work shows a number of side and covert channels that are being used by apps to circumvent the Android permissions system,” the study stated.
“The number of potential users impacted by these findings is in the hundreds of millions.”
The researchers said they notified Google about the issue last year, but a fix will not be issued until the release of the Android Q operating system, due in August. The Independent has contacted Google for further comment.
The study, which was presented at the US Federal Trade Commission’s PrivacyCon, looked at around 88,000 apps. The researchers say a full list of the 1,325 apps that compromised user privacy will be released in August.
“Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it,” Serge Egelman, director of privacy research at the ICSI, said at the conference, according to the website Cnet.
“If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless.”
One example given in the study was the photo-editing app Shutterfly, which allegedly gathers GPS coordinates from a person’s phone, regardless of whether the user agrees to share their location data.
Shutterfly claimed it only gathered data with the permission of its users.
“Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorisation and personalised product suggestions, all in accordance with Shutterfly’s privacy policy, as well as the Android developer agreement,” its statement read.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments