TechnoclinicTechnoclinic
  • Home
  • APPS
  • CAMERAS
    • PRINTERS
  • GAMING
    • LAPTOPS
  • HDTV
  • NEWS
  • PHONES
    • TABLETS
  • REVIEWS
  • SOFTWARE
  • Contact Us!
Search
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
Reading: Thousands of Android apps can track your phone — even if you deny permissions
Share
Sign In
Aa
TechnoclinicTechnoclinic
Aa
Search
  • Home
  • APPS
  • CAMERAS
    • PRINTERS
  • GAMING
    • LAPTOPS
  • HDTV
  • NEWS
  • PHONES
    • TABLETS
  • REVIEWS
  • SOFTWARE
  • Contact Us!
Have an existing account? Sign In
Follow US
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
Technoclinic > APPS > Thousands of Android apps can track your phone — even if you deny permissions
APPS

Thousands of Android apps can track your phone — even if you deny permissions

Loknath Das
Last updated: 2019/07/09 at 5:16 AM
Loknath Das
Share
SHARE

When you explicitly tell an Android app, “No, you don’t have permission to track my phone,” you probably expect that it won’t have abilities that let it do that. But researchers say that thousands of apps have found ways to cheat Android’s permissions system, phoning home your device’s unique identifier and enough data to potentially reveal your location as well.

Even if you say “no” to one app when it asks for permission to see those personally identifying bits of data, it might not be enough: a second app with permissions you haveapproved can share those bits with the other one or leave them in shared storage where another app — potentially even a malicious one — can read it. The two apps might not seem related, but researchers say that because they’re built using the same software development kits (SDK), they can access that data, and there’s evidence that the SDK owners are receiving it. It’s like a kid asking for dessert who gets told “no” by one parent, so they ask the other parent.

According to a study presented at PrivacyCon 2019, we’re talking about apps from the likes of Samsung and Disney that have been downloaded hundreds of millions of times. They use SDKs built by Chinese search giant Baidu and an analytics firm called Salmonads that could pass your data from one app to another (and to their servers) by storing it locally on your phone first. Researchers saw that some apps using the Baidu SDK may be attempting to quietly obtain this data for their own use.

COVERT CHANNELS AND SIDE CHANNELS

That’s in addition to a number of side channel vulnerabilities the team found, some of which can send home the unique MAC addresses of your networking chip and router, wireless access point, its SSID, and more. “It’s pretty well-known now that’s a pretty good surrogate for location data,” said Serge Egelman, research director of the Usable Security and Privacy Group at the International Computer Science Institute (ICSI), when presenting the study at PrivacyCon.

The study also singles out photo app Shutterfly for sending actual GPS coordinates back to its servers without getting permission to track locations — by harvesting that data from your photos’ EXIF metadata — though the company denied that it gathers that data without permission in a statement to CNET.

There are fixes coming for some of these issues in Android Q, according to the researchers, who say they notified Google about the vulnerabilities last September. (They point to this official Google page.) Yet, that may not help the many current-generation Android phones that won’t get the Android Q update. (As of May, only 10.4 percent of Android devices had the latest Android P installed, and over 60 percent were still running on the nearly three-year-old Android N.)

The researchers think that Google should do more, possibly rolling out hotfixes within security updates in the meantime because it shouldn’t just be newer phone buyers who get protection. “Google is publicly claiming that privacy should not be a luxury good, but that very well appears to be what’s happening here,” said Egelman.

Google declined to comment on the specific vulnerabilities, but it confirmed to The Verge that Android Q will hide geolocation info from photo apps by default, and it will require photo apps to tell the Play Store whether they’re capable of accessing location metadata.

[“source=theverge”]

TAGGED: Android, Apps, Can, Deny, Even, if, of, permissions, Phone?, thousands, Track, You, Your, —

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
[mc4wp_form]
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Loknath Das July 9, 2019
Share this Article
Facebook Twitter Copy Link Print
Share
Previous Article 9 great deals on popular gadgets: Drones, HDTV antennas, action cams
Next Article HP launches a range of laser tank printers for Small and Medium Businesses

Latest News

Case Study: Nissan and Teads’ Immersive Concept Car Campaign Transformed Scrolls into Stories
NEWS
Review of Hootsuite: Advantages, Drawbacks, Features, and Other Options
REVIEWS
From Idea to Launch: The Software Development Journey
SOFTWARE
How schools can save money and work more efficiently with managed print services
PRINTERS
How to Write Powerful Blog Posts, Comparisons, and Reviews
REVIEWS
How to Defrost Your Lens with Condensation
CAMERAS

Most Viewed Posts

  • Choosing the Right Tablet for Blogging and Writing On the Go (1,043)
  • What You Need to Know About Smartphones vs. Tablet use of the Mobile Internet (993)
  • How to Start a Product Review Blog (Templates & Examples) (989)
  • How To Start A Review Blog and Get Free Review Products (985)
  • App Annie now tracks 5,000 Android apps in China: Report (981)

© 2023 TechnoClinic Network. TechnoClinic Company. All Rights Reserved.

Removed from reading list

Undo
Welcome Back!

Sign in to your account

Lost your password?