2 out of 3 Android apps use private data 'suspiciously'

Google's Android operating system doesn't provide controls to adequately protect users' sensitive data, according to a study that found two-thirds of applications monitored used phone numbers, geolocation, and other information “suspiciously.” The study – by computer scientists at Pennsylvania State University, Duke University …

COMMENTS

This topic is closed for new posts.
  1. sT0rNG b4R3 duRiD

    Time for a firewall app/mod

    Oh wait, I don't need one because... I don't actually use a smartphone :P

    Seriously though, would-be developers should look into filtering packets on this device. Some sort of user-friendly personal 'firewall' might sell - of course you'd have to trust it... Be even better of course if it were completely free and open.

    1. Fizzl
      Boffin

      There isn't an app for that...

      Unless Google change their "all apps are equal" mantra, firewalls/virus scanners will be useless. All they can do is suggest to the user they might want to uninstall a suspect app. If the app isn't on the list then it won't be able to spot it. In my dissertation I wrote five (short) lines of code that could disable another app (such as a virus scanner) and worked OK on a fully patched 2.2 (not that most people will ever be fully patched). Firewalls fare no better as the internet permission is an all or nothing affair.

  2. Tzael

    Scary stuff

    People think I'm crazy for waiting until I can buy a Windows Phone 7 device, but when faced with uncertainty as to the safety of our personal data on an Android device I feel that something like the new Samsung Omnia 7 will give me the peace of mind that is needed.

    The daft thing is that I shouldn't have to worry about anyone snooping on my activities through my handset, but nowadays it's no longer as simple as picking a phone based on stylish looks or bundled utilities. If I choose Apple I get a mobile phone that is under such strict control I may never truly know what personal information is shared. With an Android device there's the added bonus of the OS coming from a company known for making a living from targeted advertising to be considered along with the contents of this article. WP7 comes from a company known for upholding privacy legislation in their products so my (rudimentary) logic suggests I should give them a chance. Then again WP7 may be just as subject to abuse of personal data by third party app developers, but due to the Microsoft name the WP7 devices and available apps will be under much greater scrutiny than the iOS or Android alternatives as people hunt for ammo to use against MS.

    1. Anonymous Coward

      logic

      People think I'm crazy for waiting until I can buy a Windows Phone 7 device.

      They're right.

      Not only will you be susceptible to badly written apps but infections as well.

      1. mccp

        FUD

        "Not only will you be susceptible to badly written apps but infections as well."

        And you base this assertion on what evidence exactly?

        1. Code Monkey

          "And you base this assertion on what evidence exactly?"

          I didn't assert that but I agree. I base my agreement on years of badly written apps, stack overflows, Slammer and other comedic security gaffes.

          1. The Other Steve
            FAIL

            In other words, nothing but prejudice

            Fail.

      2. Peter Storm

        Not only that...

        If you buy a Samsung you'll get a crap phone tool.

      3. sabroni Silver badge
        Thumb Down

        Unlikely...

        the hackers go after the OS with the greatest penetration. On desktop that's Windows, but on phones surely Apple's OS or Android are the ones that'll be targeted. The idea that win 7 will get enough market share to warrant hacking seems a little unrealistic....

      4. pan2008

        Android is like the old Windows mobil

        Android suffers exactly from the same problems that Windows mobile suffered, fragmentation, unvetted applications downloaded from various websites, difficult updates of the operating system. The interface is also cannibalized by each vendor. Just bear in mind that success many times depends on marketing money. Look at Web Os, great system from what I've heard (not seen) but never took off. I am due for an upgrade and waiting to see what Windows phone can do, then will buy something else cause my mobile is almost 3 years old.

        Just use the best mobile, go to the shop and ask for a demo, and then decide what fits you best and what your pocket can afford.

    2. Bilgepipe
      WTF?

      Title

      "If I choose Apple I get a mobile phone that is under such strict control I may never truly know what personal information is shared."

      Seriously? If you believe this drivel you should probably steer clear of a phone altogether and stay indoors where the bad men won't come and get you. To choose Microsoft over anyone else with regard to security is delusional.

    3. Anonymous Coward

      Like most

      You realise that like most of these "revelations" that it applies to all smartphones?

      It's like an article a while back complaining how Windows is vulnerable to user stupidity, implying that other OSs aren't. I can't recall the name of the iPhone app that was pulled for using users' data in a suspicious way, I think it even went so far as to use undocumented APIs to pull the phone number.

      While I agree that Android does need a better permission assignment system, I haven't seen anything that suggests WP7 will be any more secure, only Microsoft's reputation, and that scares me.

      Ultimately, the problem is users not realising how sensitive the data on their phones is and not using common sense to protect it.

    4. Anonymous Coward

      Hahahah

      >>WP7 comes from a company known for upholding privacy legislation in their products so my (rudimentary) logic suggests I should give them a chance<<

      Dear god in purgatory are you really that naive?

  3. JaitcH
    WTF?

    It's bad enough having the OS supplier having unlimited access ...

    but having Apps access things for which there is no legitimate need should be a no-no.

    There is a secondary concern: the use (theft) of user paid communications. This could mean that a device left plugged in, powered up and not used still incurs communication use fees.

    Whilst there is nothing the user can do about the OS/manufacturer data use, all systems should be equipped with OS features that allow users to determine EXACTLY which App has access to what data. None need access to cell phone identification.

    Until this happens I will happily use my 'dumb' phone knowing exactly who knows what about me.

    1. Danny 14
      Thumb Down

      aye

      plus phoning home every 30 seconds will eat battery life too.

    2. Tigra 07
      Thumb Down

      Well almost...

      What makes you think your dumb phone is safer?

      Didn't Vodafone sell a tonne of user data and get caught a while back?

      Network operators do the same thing, these apps may well be stealing info to sell to Orange, 3 and T Mobile

      You never know

  4. Steven Knox
    Unhappy

    Correcting the Numbers

    By selecting only from applications that access both personal data and the internet, they're overstating the significance of their study by about 3x. Furthermore, their summaries blur this distinction unnecessarily.

    Specifically, their FAQ says "We studied just over 8% of the top 50 popular free applications in each category that had access to privacy sensitive information in order to get a sense of the behaviors of these applications." Since there were 22 categories at the time they did the study, that would imply (22*50=1,100 * 8% =) 88 applications. However, they actually only tested 30, because of the 1,100 top 50 applications only (from the PDF) "roughly a third of the applications (358 of the 1,100 applications) require Internet permissions along with permissions to access either location, camera, or audio data." -- meaning that the other 742 apps don't have the necessary permissions to play badly. The clause "..that had access to privacy sensitive information in order to get a sense of the behaviors of these applications." from the FAQ is grammatically ambiguous in this case (it may refer to "applications" or "category"), and not specific enough to indicate that over 2/3 of the applications are (relatively) safe by dint of not having the necessary permissions.

    They also didn't include in their study apps from 10 of the 22 categories, but they don't explain whether that was due to a) there not being any or enough applications in those categories that required internet and personal data permissions, b) a conscious choice to focus on the other 12 categories, or c) the results of random selection (with an explanation of why they did not use a stratified sample).

    Once you factor back in the applications they ignored, the numbers don't look quite so bad. Assuming their sample was representative, 2/3 of the 358, or about 239 applications of the top 1,100 of the time use personal data suspiciously. That's about 21.7% or just over 1 in 5 -- still significant, but a far cry from 2 out of 3. In fact, the worst case maximum is actually 358 of 1,100 or just under 1 in 3 (32.45%) because they are as mentioned above the only ones that actually acquire the permissions necessary to do anything "suspicious".

    I understand why both the researchers and the reporter used the 2/3 figure -- you all believe you have to sell the point as hard as possible*. But the real story is that it's likely that at least 1 in 5 Android Apps use private data "suspiciously" -- and that number is still high enough to cause concern and to justify the further use of tools like TaintDroid. It's a pity you didn't trust the facts enough to avoid the unnecessary sensationalism.

    *I am assuming, here, that Mr. Goodin did actually read and digest the paper as I did, rather than simply picking out the figures from the study, the FAQ, or a press release.

    1. mego
      Thumb Up

      Well said

      Couldn't have said it any better!

      <standing ovation>

    2. JimC

      I don't think that is exaggeration...

      It all depends on the point of the exercise. To my mind including apps that don't have access to personal data would be clouding the picture. Of course you may just be complaining that the headline is misleading, which is fair, but of course if misleading headlines were banned there wouldn't be many left...

    3. The Other Steve
      Thumb Up

      +1 for reading paper

      Unlike most of the commentaries so far.

  5. Bilgepipe

    Locked-In Walled Garden etc etc

    Never mind that, I hate how Apple never lets me do what I want on my iPhone, blah blah blah. What's that? Apple's policy protects users from the problems listed in the article?

    This was predicted long, long ago when Google announced Android would be a free-for-all with no app security and no approval process. And bear in mind that a data-mining company like Google doesn't WANT apps locked out - grabbing your personal data/emails/browsing history/search history/document contents/chat transcripts is the whole point.

    Where's the Evil Eric icon, ffs?

    1. Loyal Commenter Silver badge
      FAIL

      No app security?

      What, you mean like when you download an app and it flashes up a great big warning about what parts of the system the app wants access to, which you have to okay before downloading it? App security like that?

      Have you actually _used_ an Android phone?

    2. Anonymous Coward
      Coffee/keyboard

      "Apple's policy protects users from the problems listed in the article"

      LOL, and why would you seriously believe that? Because Apple said so?

      'Bilgepipe' - what a very apt name.

    3. Annihilator

      @Bilgepipe

      The iPhone is more than capable of selling all your data to the app's author. It will ask you (once mind) if it can use your location data. That satnav app you have, you'll willingly let it use your location, of course it needs to. But it won't ask you before pinging home every 30s to track you. Hell, the APIs actively allow for it without any question - the Apple approval process wouldn't object to that sort of app, as they believe the API asking you for permission is enough.

      You are trusting every app you have installed as soon as you give it that one permission. For example, iOS4, I didn't realise that the camera has been geotagging each photo since I owned it. Until this point, it's never asked my permission - it's only just started asking, previously it's assumed permission.

      1. DZ-Jay

        Not true!

        >> "the Apple approval process wouldn't object to that sort of app, as they believe the API asking you for permission is enough"

        That is not true at all! The License Agreement specifically says that the App *must* use the information for its intended purposes. So a SatNav app that asks for your location information and uses it to tell you where you are is OK, but if it attempts to "phone home" in order to track you--which was not the explicit intent of the application as per its description--it clearly violates the agreement.

        There have been numerous cases where applications doing such things have been rejected by Apple (doing static analysis of code can reveal such things) and the developers banned from the App Store altogether for the transgression.

        Now, if the application description says "Find out where you are using our SatNav and let us track you to give you better advertising" and the user decided to download it, then that's his problem; there's no violation there.

        So, yes, for this particular case, the "walled-garden" and curation provided by Apple is superior to the wild west environment of the Android Marketplace.

        -dZ.

  6. Anonymous Coward
    FAIL

    bored

    of reading these clueless reports.

    Any free app that uses AdMob will likely also enable Coarse Location permission so that it delivers local adverts based on your rough location (based on current cell tower(s) triangulation).

    Big Whoop....

    I wonder why Intel are funding this report?... (MeeGo, time to badmouth Android). When will Nokia resort to funding such similar FUD? (Very soon is my guess, considering their current Smartphone traincrash).

    1. Danny 14
      Stop

      but

      why do they need your phone number and device id? Updated every 30 seconds? wow.

  7. Anonymous Coward
    Jobs Halo

    You don't need to see this title.

    If only there was a smartphone/app platform that was more protective of user data, with more control over the apps that were published, so users could feel somewhat safer with their purchases and smartphone use.

    :D

  8. Anonymous Coward
    FAIL

    Yawn....

    >For example, if a user allows an application to access her location information, she has no way of knowing .....

    'She' knows 'her' location is shared and can say no thanks before the installation takes place. Once it's out there, it's out there to be further shared anyway, even if the phone itself is only sharing directly with a single service.

    Surely the story should be that other smartphones don't provide any access controls at all.

    1. chr0m4t1c
      FAIL

      It would be

      "Surely the story should be that other smartphones don't provide any access controls at all."

      Yes, that would be the story. Apart from being completely wrong of course.

      Android tells you when the app is installed, others tell you when you run it for the first time or whenever you run it.

      If I run the sat nav on my phone, I don't think it unreasonable for it to ask me to use my location. If I turn on the feature that tracks my journey to alert me of traffic problems I don't think it's unreasonable to allow it to connect to the server every 5 minutes or whatever.

      I do not, however, expect the sat nav to upload the address I have tagged as "Home" along with my phone numbers, for example, or to keep tracking me when I leave the app.

      Android doesn't prevent this kind of thing happening and neither do any of the other smart-phone systems in all likelihood.

      This type of program is usually referred to as a Trojan and generally frowned upon when it's a supposedly legitimate piece of paid for software..

      1. DZ-Jay

        Re: It would be

        >> "Android doesn't prevent this kind of thing happening and neither do any of the other smart-phone systems in all likelihood."

        Apple does. They do static-analysis code check, as well as testing, on the submitted applications to determine access and transfers and to see if it does what is expected, and nothing suspicious. Applications have been rejected for communicating, say, location information when the application has no real reason to use this information. The license agreement for the App Store includes provisions to prevent such things.

        -dZ.

  9. Chronos
    FAIL

    Is anyone surprised?

    This is Google. This is the currency they expect to be paid with: Your privacy. Anyone who expected anything different is deluded.

  10. twunt

    Beware

    I went to install a game yesterday, only to find that it wanted permission to access my SMS Messages. Cancelled the install.

  11. Anonymous Coward
    FAIL

    Nice FUD, but no cigar.

    Here are two little tidbits of information that some of my predecessor commentards obviously do not possess, probably due to not actually knowing anything about Android, much less owning an Android phone.

    Every Android application HAS TO ASK PERMISSION for Internet access.

    Every Android application HAS TO ASK PERMISSION for access to personal information such as contact data.

    This applies also to other stuff, for example GPS or SMS: in short, prior to installation / update, the user is asked whether to grant a list of specific requested permissions to the app. It's certainly not a perfect solution, but it still means that Tetris game you downloaded will have no ability to siphon off your private information unless you explicitly allow it to.

    1. Danny 14
      Stop

      indeed

      but even that is very coarse. I install a GPS navigation app. It needs access to the internet to get maps - fair enough. It needs access to your contacts to build up its "pin point" list for the GPS. Fair enough. It needs the device ID to register the paid licence as it is non transferable. Fair enough.

      What it didn't tell me is that it tags my GPS location to my friends' locations and sends all this info home along with my device ID. That way it can send me info tidbits about pizzas when I go to people's houses.

      I think this is what the article was pointing at - legitimate uses of accepting functionality may not dictate what it actually DOES with it.

      1. Anonymous Coward

        ...that's also true...

        ...but keep in mind that the same could happen in any other existing mainstream system - the desktop version of Windows included. Otherwise we would not have trojans :).

        Ultimately it's the question of the trustworthiness of the developer, and, in fairness, a lot of non-rubbish apps on the Android Market provide either a full-blown privacy policy, or at least an explanation as to why they need internet access.

        The problem exists in all current systems, and for a simple reason - no one so far came up with a system that does all three of the following things:

        -provides a fine-grained control over access rights of an application,

        -does not use a lot of resources to implement this feature,

        -is not damn annoying either to the developers or the users.

        I was (yes, same AC here ;p ) only commenting on the unfair scaremongering present in the previously posted comments, i.e. "a lot of apps MAY be shifty with the data they get [that the user allows them to get], so ANDROID SUXXX0RZ!!!!1oneone!".

  12. Anonymous Coward

    Perhaps it is just me, but...

    Android users are exceptionally dumb if they seriously expect any level of privacy when using their phone - it's a Google product ffs. You forfeit your right to privacy the moment you use anything from that fucking company.

    1. Tempest
      WTF?

      Google is a known evil with Android but Apps shouldn't be

      I pay for an App for its utility, so if they want additional income they should charge more and not give my data away at MY COST, yet!

      1. The Other Steve

        Oh dear

        You pay for an app, yes. So that means you think it will have some value. But you seem to be under the impression that the people writing the app have 'providing value for you' as their only goal.

        In one sense you're right, mobile apps should be more expensive, which would provide developers with sufficient revenue that they wouldn't feel the need to do things like this. But it turns out that if you price a mobile app much above $1.99 most people won't buy it.

        That figure is from the Apple market, but given the constant hectoring about price, there's no reason to imagine that Android fanboys are any less price sensitive than Apple fanboys.

  13. mego
    FAIL

    Um... and I seem alone here

    ..but every time you select an app for installation, Android tells you precisely what the app can access (yes it's accurate) - the researchers admit this is true as well.

    How about a little common sense people??

    Downloading an alarm app that needs access to your phone service, internet and system? Um let's see, sound a bit suspect??

    Downloading a torch app that needs access to your location, system tools, internet, your dog's rabies result? Yeah, that's gonna be canceled fast.

    You have a brain and intelligence (we hope): use it.

  14. I'm Brian and so's my wife

    Battery life?

    I'm mulling over my choices with my next phone (will be my first smartphone). Do these kinds of apps have their part to play regarding the generally poor battery life? Just when you think your device is sat there being idle, in fact it's calling the mothership / ad server / etc?

  15. Anonymous Coward

    Google DataPolice

    Does it make sense for the OS owner to supervise the movement of data of the handset? Every request has to pass through its servers using its APIs so that it can monitor the use of the personal data.

    Google could sell it as 'helping to keep users safe', but the amount of data it would gather about how firms use users' data would really help its ad-engines.

  16. John Tserkezis
    FAIL

    It smells like... like... bullshit.

    If the study doesn't name names, the study ain't worth shit.

    Saying that "There are no guarantees apps for Apple's iPhone or Research in Motion's Blackberry would fare any better if subjected to the same scrutiny" does nothing if they haven't actually BEEN put under the same scrutiny.

    Till that happens, it serves as scaremongering against Android, and perhaps lead the market towards Apple or RIM on the basis that Security By Obscurity is a good thing. Or maybe that what you don't know won't hurt you...

    I on the other hand see this as first class, complete and absolute, full up and down, grade A bullshit.

    And I'm not buying it.

  17. Anonymous Coward

    Fine-grained control

    How fine-grained control would you need? A map app needs GPS and the internet, so you let the app access those. That's fine. But how do you know whether the GPS data is just used internally within the app or if it's being sent to tracking companies?

    So allowing the app to access the things it needs and nothing else still doesn't really protect you unless you had super-fine-grained control. But then who would know how to actually set the controls correctly?

  18. Anonymous Coward

    Ad based apps

    It's down to the way ad based apps need to be able to serve ads to you via internet, probably need some method of id-ing the device to know which ads have already been served etc and also could benefit from knowing where you are so that you get relevant ads (this is useful - I'm constantly irritated here at work by getting ads in French because our corporate WAN has its internet gateway in France and thus websites assume that as my request originates from France that I must be French)

    Now the problem is that to do this with the current set of permissions that Android supports involves opening up quite a lot of the access permissions. I think I've read that Google have seen this as an issue and are going to add a specific set of permissions/API for ads.

    1. Loyal Commenter Silver badge
      WTF?

      What?

      Are adverts in French somehow more difficult to ignore, or are you actually the mythical advertiser's target audience, who will buy whatever anyone tells them to, as long as they can understand the advert? If this is the case, then please buy some of my genuine bottled Bristol air - a bargain at only £1,000,000 a jar.

  19. Anonymous Coward
    Unhappy

    Ok so I hate Google but...

    I don't see how you can single out Android for this problem. This is a more general problem with ad-based revenue financing the whole software development ecosystem. This model needs to know as much as possible about you to be effective. You can blame Google for promoting this business model as if there is no tomorrow but definitely they are not the only company using it.

    I'd rather pay £10 to the developers of an application I find useful than have them engage in this dirty business model, but I suspect I am in the minority. How many people would pay Google to get a search service that doesn't keep track of you AT ALL? Not many I am afraid.

    Getting things from "free" is the mantra of this age and people don't worry about the fact that "free" means you are just paying in a different way.

  20. Loyal Commenter Silver badge
    Boffin

    Finer grained controls...

    I see several posts here asking why Android can't have finer grained control over what information is used for what. For example, an application (e.g. a mapping app) may need access to both location data, and internet access, but you wouldn't want it sending that location data over the net for advertising purposes.

    Unfortunately, because Android apps are written in Java, which has no data 'tainting' (AFAIK), once this information is given to the app, there is no way of knowing whether the app is passing it on to a server somewhere, without having controls on the execution of every line of code. This is clearly impractical.

    Some languages (such as PERL) have a concept of data tainting. For instance, with this turned on, data entered by a user cannot be executed as code, without first being 'untainted'. In the same way, a variable containing personal information could be marked as tainted. Any variable then being assigned from this value would also be marked as tainted. Without explicit permission, tainted variables could not be used to generate content sent over the internet. Problem solved. Unfortunately, as I said, I don't think Java has this functionality.

    Of course, this does raise the issue that if you have too many different access permissions, users are more likely to ignore them. Also, there will always be plenty of people who don't realise, or care about the implications of allowing an unscrupulous app developer access to all of your personal information.

    I don't see how this is solely an Android problem anyway; surely the same technical problems exist for any platform that can be given access to both personal data, and the internet.
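
The taint propagation described in the comment above, as an added example that is not part of the original thread or of TaintDroid: sensitive values are labelled at the source, labels follow every value derived from them, and the network sink refuses labels the destination is not cleared for. The class and function names, the hosts `maps.example` and `ads.example`, and the sample coordinates and device ID are all constructed for illustration.

```python
"""Library-level taint tracking sketch: label at the source, propagate through
string operations, enforce at the network sink. All names are hypothetical."""


class TaintViolation(Exception):
    """Raised when labelled data reaches a sink not cleared for that label."""


def labels_of(value):
    """Return the taint labels on a value (empty set for ordinary data)."""
    return getattr(value, "labels", frozenset())


class TaintedStr(str):
    """A str that carries a set of labels such as {'location'}."""

    def __new__(cls, value, labels=()):
        obj = super().__new__(cls, value)
        obj.labels = frozenset(labels)
        return obj

    def __radd__(self, other):
        # Handles plain_str + tainted, so a clean prefix does not wash the label off.
        if not isinstance(other, str):
            return NotImplemented
        return TaintedStr(str.__add__(other, self), self.labels | labels_of(other))


def _propagating(name):
    """Wrap a str method so its result inherits labels from self and its arguments."""
    base = getattr(str, name)

    def method(self, *args, **kwargs):
        result = base(self, *args, **kwargs)
        if not isinstance(result, str):
            return result
        labels = set(self.labels)
        for arg in list(args) + list(kwargs.values()):
            labels |= labels_of(arg)
        return TaintedStr(result, labels)

    method.__name__ = name
    return method


# Only these operations propagate. Anything else (f-strings, "".join, encoding
# to bytes) silently drops the label, which is why a real tracker has to live
# in the runtime rather than in a library the app could simply bypass.
for _name in ("__add__", "__getitem__", "upper", "lower", "strip", "replace", "format"):
    setattr(TaintedStr, _name, _propagating(_name))


class Network:
    """Stand-in for the network sink: records payloads instead of sending them."""

    def __init__(self, policy):
        self.policy = policy  # host -> labels the user approved for that host
        self.sent = []

    def send(self, host, payload):
        leaked = labels_of(payload) - frozenset(self.policy.get(host, ()))
        if leaked:
            raise TaintViolation(f"{host}: unapproved labels {sorted(leaked)}")
        self.sent.append((host, str(payload)))


# Sources: constructed sample values, labelled where they enter the app.
def get_location():
    return TaintedStr("51.4545,-2.5879", {"location"})


def get_device_id():
    return TaintedStr("000000000000000", {"device_id"})


def run_demo():
    """A map app that may send location to its map server but nothing to an ad server."""
    net = Network(policy={"maps.example": {"location"}})
    loc, dev = get_location(), get_device_id()
    requests = [
        ("maps.example", "tile?center=" + loc),
        # Truncating and upper-casing the data does not remove its labels.
        ("ads.example", ("ad?near=" + loc[:5] + "&id=" + dev).upper()),
        ("ads.example", "ad?lang=en"),
    ]
    results = []
    for host, payload in requests:
        try:
            net.send(host, payload)
            results.append((host, "sent", []))
        except TaintViolation:
            results.append((host, "blocked", sorted(labels_of(payload))))
    return results


if __name__ == "__main__":
    for row in run_demo():
        print(row)
```
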

  21. Anonymous Coward
    Black Helicopters

    Why is anyone surprised by this?

    It's a google product after all. They want to know EVERYTHING all the time!

  22. Nick_K
    Alert

    Comment on private data access from Android developer.

    1. All free applications that contain some ads both on Android or Apple iOS send geo information to server - and this is reasonable - I think you don't need advertising in Chinese or Russian :).

    2. Paid applications with self-made protection need to know device unique ID or IMEI to generate license, and normally companies or developers will never use or publish such private data, it's not a way of making business for them.

    3. Apple fans take a look here - "iPhone apps put user privacy at risk" http://www.theregister.co.uk/2010/10/04/iphone_privacy_report/
