Slashdot Mirror


Fifth of Android Apps Expose Private Data

WrongSizeGlass writes "CNET is reporting that a fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. Dozens of apps were found to have the same type of access to sensitive information as known spyware does, including access to the content of e-mail and text messages, phone call information, and device location. 5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything."

14 of 286 comments

  1. Exposing private data by flaming+error · · Score: 5, Funny

    I tend to expose private data after a fifth of scotch.

    1. Re:Exposing private data by flaming+error · · Score: 5, Funny

      I hope you're joking. She's been dead for 12 years.

    2. Re:Exposing private data by flaming+error · · Score: 5, Funny

      No offense taken. You're not a dickhead, just a guy cracking jokes. Like me. (My mom's not dead, and she approved my comeback. She's here in the basement doing laundry now).

  2. Notifications by TyFoN · · Score: 5, Interesting

    And you are notified when installing in red letters exactly what the application has access to.
    News flash: 100% of your pc applications have access to your file system!

    1. Re:Notifications by somersault · · Score: 5, Insightful

      100% of your pc applications have access to your file system!

      Dozens of apps were found to have the same type of access to sensitive information as known spyware does

      Dozens of children were found to have access to the same types of kitchen utensils that murderers use!

      --
      which is totally what she said
    2. Re:Notifications by Kufat · · Score: 5, Funny

      A joke is trying to whoosh over your head.

      Cancel or allow?

  3. RE: Fifth of Android Apps Expose Private Data by D'Sphitz · · Score: 5, Insightful

    My Evo tells me before I install an app what it will be able to do, I assume it works the same for all Android phones. It's hard to get worked up over an app that can access personal data, when you were told in big red letters that this app can access personal data, and you clicked ok anyway.

  4. Most misleading article ever by Fnkmaster · · Score: 5, Insightful

    A fifth of applications rely on *permissions* that you, the user, must explicitly grant when you install them, that *allow* them to access private information.

    That does not mean they do access that information, or put it to any sort of untoward use. Android practically screams at you when you install applications that need a bunch of permissions. Generally, sure, you ignore that if it just says "Read/write SD card" for example. But if something suspiciously asks for lots and lots of permissions, you might say to yourself "gee, this looks a little funny".

    If 10,000 other people have installed it and everybody rates it 5-stars and there are no issues mentioned with it on the web, you can probably guess that it's not doing anything nasty with your information.

    But the fact that Android extremely explicitly warns you about these permissions means that the only issue in my mind is there should be a more intense distinction in the UI between permissions like "Read/write to SD card" that lots of apps need, and "Access my contacts" or "Send text messages" which only a smaller number of apps need.

    Otherwise, this is basically a hatchet job.

  5. Re:well well by cduffy · · Score: 5, Informative

    Err --

    Android applications have flags indicating what they are and aren't allowed to do, and are cryptographically signed with those flags. What this study (presumably) did is just check which apps have which flags set.

    Thing is, when you-the-user install an app, you're told exactly which flags it has set, and given the opportunity to confirm or deny. In short -- if you're installing a lighter-flame gadget which says it's allowed to read your address book and connect to the Internet, and you click "OK", you deserve exactly what you get.

    (Also -- misbehaving developers can, and sometimes do, have their signing keys revoked).

  6. Summary is wrong and trolling by recoiledsnake · · Score: 5, Informative

    From the summary:

    5% of the apps were found to have the ability to make calls, and 2% can send text messages, without the mobile user doing anything."

    Err, the mobile user was explicitly informed of this BEFORE the software is installed. Don't believe me? Check this screenshot http://www.taosoftware.co.jp/en/android/wakeupcallmaker/img/wakeupcallmaker_install.png

    I guess someone has an axe to grind against Android (hint, hint) just because there were stories earlier about the iPhone revealing the exact location of the users to applications and ads.

    --
    This space for rent.
  7. A misleading slashadvertisement by Random2 · · Score: 5, Insightful

    If you actually RTFAs' source, you'll see that this smobile systems company is using these statistics to try and sell a dependency checker.

    Also, I saw no mention that these 'leaks' are derived from sources other than what the user allowed.

    In short, Not news.

    --
    "Our goal each year should be to increase the number of goals we set for ourselves!"
  8. Nothing against Android... by msauve · · Score: 5, Informative

    ...in particular. They're just selling anti-malware software for smartphones. They'll be glad to sell you protection for your RIM, WinMo, or Symbian phone, too. They're also glad to point out the danger you're in with those phones, too - lacking their product.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  9. Re:Operative words by SighKoPath · · Score: 5, Informative

    As an example, here is the warning text from the most recent update to the Google Maps application:

    This application has access to the following:
    • Your personal information: read contact data, write contact data
    • Services that cost you money: directly call phone numbers
    • Your location: coarse (network-based) location, fine (GPS) location
    • Network communication: full Internet access
    • Your accounts: Google Maps, manage the accounts list, use the authentication credentials of an account
    • Storage: modify/delete SD card contents
    • Phone calls: read phone state and identity
    • Hardware controls: record audio
    • System tools: prevent phone from sleeping, retrieve running applications

    These are all displayed to the user in big orange warning text, with an OK/Cancel button below 'em. Every application in the market does this sort of thing, so the user knows exactly what every app is able to do. The article looks like FUD to me.

  10. Re:Operative words by pegisys · · Score: 5, Informative

    You have to OK all the things that an app can touch before you install it, if you go installing apps without looking at what it can possibly touch then that is your problem. That is unless there is an exploit that allows developers to access features that it does not specify in the application manifest.
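
Several comments above (cduffy, pegisys) describe permissions as flags declared in the application manifest, which can be checked without running the app. The following is an added example, not part of the thread or of the study it discusses, that reads the declared permissions from a manifest and flags the "sensitive data plus Internet" combination from the lighter-app remark. It assumes a text-form `AndroidManifest.xml` (the copy inside an APK is binary-encoded and must be decoded first); the sample manifest, the package name `com.example.lighter` and the grouping labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NETWORK = "android.permission.INTERNET"

# Real Android permission names; the grouping labels are this example's choice,
# loosely following the install-screen headings quoted in the thread.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "personal information",
    "android.permission.READ_SMS": "personal information",
    "android.permission.SEND_SMS": "services that cost you money",
    "android.permission.CALL_PHONE": "services that cost you money",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.RECORD_AUDIO": "hardware controls",
}

# Constructed sample: a hypothetical lighter-flame app declaring more than it needs.
LIGHTER_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.lighter">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application android:label="Lighter"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names the manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return sorted({n for n in names if n})


def review(manifest_xml):
    """Summarise declared access; this says nothing about what the app actually does."""
    perms = requested_permissions(manifest_xml)
    sensitive = {p: SENSITIVE[p] for p in perms if p in SENSITIVE}
    return {
        "package": ET.fromstring(manifest_xml).get("package"),
        "sensitive": sensitive,
        # Sensitive data together with network access is the pairing worth a second look.
        "sensitive_with_network": bool(sensitive) and NETWORK in perms,
    }


if __name__ == "__main__":
    print(review(LIGHTER_MANIFEST))
```

As the thread points out, a declared permission shows what an app is allowed to do, not what it does, so a flag from this kind of check is a prompt for review rather than a finding.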