Report: Some Android apps leak user data

Report: Some Android apps leak user data

Summary: A variety of popular applications for the Android mobile operating system have been found to reveal user data to advertisers, it was announced on Wednesday.The study, conducted by Intel Labs, Penn State and Duke University, used an application developed for the project named TaintDroid to analyse how private user information was obtained and released by apps downloaded to the Android phones.

SHARE:
TOPICS: Storage
1

A variety of popular applications for the Android mobile operating system have been found to reveal user data to advertisers, it was announced on Wednesday.

The study, conducted by Intel Labs, Penn State and Duke University, used an application developed for the project named TaintDroid to analyse how private user information was obtained and released by apps downloaded to the Android phones.

In a sample of 30 popular Android applications, 15 were found to send users' geographical information to advertisers' servers and seven sent unique hardware identifiers. In some cases, phone numbers and SIM card serials were sent. The applications tended to tell the user what data they would access, but not disclose who they would proceed to route the data to.

"We were surprised by how many of the studied applications shared our information without our knowledge or consent [...] The cases we found were suspicious because there was no obvious way for the user to know what happened or why," said William Enck, a graduate student in computer science and engineering at Penn State university, said in a statement.

The results of the study have been fully described in a paper (PDF), titled TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. The paper will be presented at the USENIX Symposium on Operating Systems Design and Implementation in Vancouver, Canada, on 4-6 October.

Topic: Storage

Jack Clark

About Jack Clark

Currently a reporter for ZDNet UK, I previously worked as a technology researcher and reporter for a London-based news agency.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Some make sense some not.

    Weather needs location, well duh!
    Layar needs location, well double duh!
    Barcode reader needs camera access, triple DUH! duh! duh!

    But Solitaire needs location access? I assume it show adverts and is free. Problematic this one. The location access isn't for my benefit, it's for the app producer benefit to make money.

    Seems the ad sponsored apps world is a real problem. Not only because your tiny screen has a slice taken off it to show an advert, not only because your dataplan is being used up downloading ads, but also because they send location and other data useful to advertisers.

    I dread the day when Facebook level privacy is used in these apps:

    e.g. "Do you want to invite your friends to join this Farm game?" yes.... app grabs your phone contact numbers and starts SMS'ing them invites (and adverts). Then it offers you a smiley plugin for your messages. Yes? App routes your messages through server to insert smiley, (and adverts and sells demographic data as mentioned on page 62 of the EULA, sub-paragraph 4c.)

    Seems to me one huge privacy nightmare if nobody gets a grip on it.
    guihombre