Many More Android Apps Leaking User Data

eldavojohn writes "After developing and using TaintDroid, several universities found that of 30 popular free Android apps, half were sharing GPS data and phone numbers with advertisers and remote servers. A few months ago, one app was sending phone numbers to a remote server in China but today the situation looks a lot more pervasive. In their paper (PDF), the researchers blasted Google saying 'Android's coarse grained access control provides insufficient protection against third-party applications seeking to collect sensitive data.' Google's response: 'Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data. We consistently advise users to only install apps they trust.'"

List of apps and permissions they need

[slaxative]

They finally get to the part I care about, which is the list of apps they tried. Look at page 9 of their paper in PDF format.

Re:This is why OSS is so important

[grub]

it also leads to a massive incentive to get things to market before the competition, which causes a complete lack of QA in the release process.

In the iOS world any app can try to read the GPS but the user is presented with a dialog asking for permission to do so. If it's an annoyance you can turn apps' permissions on or off individually in the Location options.

From what I've read, Apple's review process runs apps through some pretty funky things looking for naughtiness.

The odd piece slips through, of course, but I doubt it's half the popular programs as it sounds like it is for Android.