Over 1k Android apps harvest your data even if denied permission – study
Researchers have found more than 1,000 Android apps that skirt around data protection restrictions that ‘protect’ consumer privacy, collecting data even when users deny permission to the app to access their information.
“If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless,” said Serge Egelman, director of usable security and privacy research at UC Berkeley’s International Computer Science Institute, which produced the research.
The findings were presented at PrivacyCon, a conference hosted by the US Federal Trade Commission in late June.
Also on rt.com 'Luxury good' or no privacy at all? Apple & Google duke it out over customers' dataThe study’s sample contained some 88,000 apps from the Google Play store. Researchers then investigated their data transfer process after the user denied them permission to access data. They found that 1,325 of them used workarounds to circumvent the denial, in order to collect data from sources across the phone’s software.
One of the apps mentioned by name was Shutterfly, which is used for editing photos. The study found that it gathers GPS coordinates of where photos were taken and then sends the information to its own servers, regardless of whether users allowed or declined the app permission to access their location.
“Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions, all in accordance with Shutterfly’s privacy policy as well as the Android developer agreement,” a Shutterfly spokesperson said in a statement responding to the study.
Also on rt.com Privacy? What’s that? Facebook lawyer argues users have noneSome apps were found to have not violated privacy setting themselves, but rather utilized “piggybacking” to obtain data from other apps that the user did allow access to. Examples of this include Baidu's Hong Kong Disneyland app.
It’s not the first time that questions have been raised about tech giants’ commitment to protecting user privacy. Last year, AP reported that Google had been continuing to store user location data, even in cases where users had turned off the ‘Location History’ feature.
Egelman will be presenting more detailed information about the research findings at the Usenix Security conference in August, according to the online technology publication CNET.
Think your friends would be interested? Share this story!