Thousands of Android apps collect user data without permission, report finds

For story suggestions or custom animation requests, contact [email protected] Visit http://archive.nextanimationstudio.com to view News Direct's complete archive of 3D news animations.

RESTRICTIONS: Broadcast: NO USE JAPAN, NO USE TAIWAN Digital: NO USE JAPAN, NO USE TAIWAN
A joint report from the International Computer Science Institute and AppCensus has found that 1,325 Android apps are able to gather location data and unique device identifiers even if users haven't given the apps permission to do so.

Their findings were presented at the Federal Trade Commissions' PrivacyCon at the end of last month.

A total of 70 apps were found gathering geolocation data through images taken by users and sending the data to their own servers. Apps were able to bypass Android permissions and gather user data through Wi-Fi connection and by accessing the metadata stored in photos.

Thirteen other Android apps, including Baidu's Hong Kong Disneyland park app, were found looking through hidden files stored in the SD card folder. The apps were able to access data they didn't have permission for because it was stored in the files.

Researchers added that 153 additional apps, including Samsung's Health and Browser apps, also have this ability.

The report noted that three smart remote control apps were harvesting location data by connecting to a user's Wi-Fi network and by accessing the router's MAC address.

Google told CNet it will be addressing these issues in its software update, Android Q.

The study looked at more than 88,000 Android apps from the Google Play store.

RUNDOWN SHOWS:
1. Projection of Android apps, location icon and the IMEI number
2. Shutterfly app and the data it was collecting
3. Android apps accessing hidden files in the SD card
4. Smart remote control apps harvesting location data

VOICEOVER (in English):
"A joint report from the International Computer Science Institute and AppCensus, a company that examines how much data an app is collecting from a user, has found that 1,325 Android apps are able to gather location data and unique device identifiers — such as the IMEI of a device — even if users haven't given the apps permission to do so."

"Their findings were presented at the Federal Trade Commissions' PrivacyCon at the end of last month."

"A total of 70 apps including Shutterfly, a photo-editing app, were found gathering geolocation data through images taken by users and sending the data to their own servers."

"The apps were able to bypass Android permissions and gather user data through Wi-Fi connection and by accessing the metadata stored in photos."

"Thirteen other Android apps, including Baidu's Hong Kong Disneyland park app, were found looking through hidden files stored in the SD card folder. The apps were able to access data they didn't have permission for because it was stored in the files."

"Researchers added that 153 additional apps, including Samsung's Health and Browser apps, also have this ability."

"The report noted that three smart remote control apps were harvesting location data by connecting to a user's Wi-Fi network and by accessing the router's MAC address."

SOURCES: CNet, ZDNet, Berkeley Laboratory for Usable and Experimental Security, FTC,
https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/
https://www.zdnet.com/article/think-youve-switched-off-android-tracking-apps-are-logging-your-movements-anyway/
https://blues.cs.berkeley.edu/blog/2019/05/10/50-ways-to-leak-your-data-an-exploration-of-apps-circumvention-of-the-android-permissions-system-usenix-sec-19/
https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf