Android security seems to be in everyone’s mind again as its apps are, yet again, sending out data unbeknownst to its users. This time, some apps have been found to be sending GPS data to advertisers without the user’s consent or awareness. Researchers from Duke University, Penn State University and Intel Labs have developed a security program called TaintDroid, which probably sounds more dirty than it should, that “uses dynamic taint analysis to detect and report when applications are sending potentially sensitive information to remote servers.”
Ars Technica reports:
They used TaintDroid to test 30 popular free Android applications selected at random from the Android market and found that half were sending private information to advertising servers, including the user’s location and phone number. In some cases, they found that applications were relaying GPS coordinates to remote advertising network servers as frequently as every 30 seconds, even when not displaying advertisements. These findings raise concern about the extent to which mobile platforms can insulate users from unwanted invasions of privacy.
It may be unnerving to know that TaintDroid showed that these apps, while running, are transmitting your location every 30 seconds! However, whether you’re unaware and are unable to opt in or out of the GPS service that theses apps use, it does get a little tricky if you feel like your privacy or security is being violated.
When you install some Android apps, they explicitly state what the app will have access to before you allow permission to install. I’ve found myself changing my mind the last minute when I see a game or some utilities app says it will require access to the phone’s GPS. Why?
Earlier this year, Android users were in an uproar when a wallpaper app was discovered to be sending user data to unknown servers in China. Prior to that incident, there were other concerns for Android security when two apps were remotely killed by Google for violating its terms and conditions. The two apps ended up not being malicious, but questions were raised about the applications in the Android Market and whether Google was being stringent enough on user safety.
The report with TaintDroid continues:
As Google says in its list of best practices that developers should adopt for data collection, providing users with easy access to a clear and unambiguous privacy policy is really important. Google should enhance the Android Market so that application developers can make their privacy policies directly accessible to users prior to installing, a move that would be really advantageous for end users.
And what if the app developer has malicious intent to start rather than security?
[Via: Ars Technica, photo]