A study by scientists of Intel Labs, Duke University and Pennsylvania State University says that few Android apps are sending out private information like your current location information (could be GPS coordinates or coarse network based location details) and other sensitive personal data like IMEI, phone number and SIM number to, possibly the advertisers and app content servers. These information, claims the scientists are being sent without any kind of notification or permission of the users. They have achieved this using ‘TaintDroid’ application developed by them, which is an extension to the Android mobile OS platform.
The details of the study may be surprising for few but not a startling finding though. Every one knows how much online advertisers (even offline) are interested in the demographic and other details of their audience. A similar kind of tracking has been happening on the computing and web platform for decades now. Although the study is a commendable work by the scientists, I would rather say it is a ‘false debacle call’ made by skeptics, iPhone fanboys and the like.
The permission required by the app being displayed before installation.
The list of 30 applications which were under the scanner of TaintDroid are: The Weather Channel, Cestos, Solitaire, Movies, Babble, Manga Browser, Bump, Wertago, Antivirus, ABC – Animals, Traffic Jam, Hearts, Blackjack, Horoscope, 3001 Wisdom Quotes Lite, Yellow Pages, Dastelefonbuch, Astrid, BBC News Live Stream, Ringtones, Layer, Knocking, Barcode Scanner, Coupons, Trapster, Spongebob Slide, ProBasketBall, MySpace, ixMAT, and Evernote. The detailed paper is available here (pdf).
I am not saying this is not a matter to worry, but it is. I am a power user of my Android phone and by work I am a security consultant, so this is a matter of concern to me and other privacy advocates. I believe Android is one of the first platform which gave granular access control to the applications and a window to the users on what app an application has access to. This is displayed to the users during installation. The first part of this notification has generic sections and the second which is minimized shows the users the complete list of specific data the application will use.
The actual problem is due to the following reasons:
- Advent of super feature rich smartphones to the masses,
- Masses do not check what all information the app has access to,
- Masses are not worried much on what all information the app sends to and to where
So help yourself and do a quick glance and check for the permission required for an application every time during installation. For example, a puzzle game asking for current location coordinates (network or GPS based) is suspicious.
You can also view these access even after the installation by going to Settings > Applications > Manage Applications > {Application name} > Permissions.
