Report: Some Android apps leak user data

A variety of popular applications for the Android mobile operating system have been found to reveal user data to advertisers, it was announced on Wednesday.

The study, conducted by Intel Labs, Penn State and Duke University, used an application developed for the project named TaintDroid to analyse how private user information was obtained and released by apps downloaded to the Android phones.

In a sample of 30 popular Android applications, 15 were found to send users' geographical information to advertisers' servers and seven sent unique hardware identifiers. In some cases, phone numbers and SIM card serials were sent. The applications tended to tell the user what data they would access, but not disclose who they would proceed to route the data to.

"We were surprised by how many of the studied applications shared our information without our knowledge or consent [...] The cases we found were suspicious because there was no obvious way for the user to know what happened or why," said William Enck, a graduate student in computer science and engineering at Penn State university, said in a statement.

The results of the study have been fully described in a paper (PDF), titled TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. The paper will be presented at the USENIX Symposium on Operating Systems Design and Implementation in Vancouver, Canada, on 4-6 October.