Slashdot Mirror


Many More Android Apps Leaking User Data

eldavojohn writes "After developing and using TaintDroid, several universities found that of 30 popular free Android apps, half were sharing GPS data and phone numbers with advertisers and remote servers. A few months ago, one app was sending phone numbers to a remote server in China but today the situation looks a lot more pervasive. In their paper (PDF), the researchers blasted Google saying 'Android's coarse grained access control provides insufficient protection against third-party applications seeking to collect sensitive data.' Google's response: 'Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data. We consistently advise users to only install apps they trust.'"

3 of 299 comments

  1. A checklist by Caerdwyn · Score: 4, Interesting

    Rather than a blanket "you can send anything you want anywhere you want/you can send nothing to anywhere" switch, a finer-grained constrained set of permissions may be the way to go. Specifically:

    • Commonly-requested data such as location and phone number are sent through specific APIs that ONLY send the requested info, and cannot send any other data. This data is sent not directly to whatever server, but to servers at the network provider, and the app provider picks them up from the network provider. This prevents arbitrary data from being sent when the claim is that it is only a specific piece of data, allows "bad" apps (defined by deception, prohibited use or incomplete disclosure) to be cut off at the network provider when discovered, and allows vetting of outgoing data to ensure it meets the claimed destination.
    • Transaction logs must be kept and be accessible to allow a user to see what's going out. Yes, most end users won't be able to make sense of the logs. But these logs could be uploaded to a security software provider for analysis, and the results presented in an understandable manner. "DroidGameApp: Microphone activated and streamed, GPS info, phone number sent to www.dhs.gov"
    • Information collection by ads should be governed by a different set of permissions than the app presenting the ads. Ad-supported apps are fine, but the user should know what ads are doing on the network independent of the app.

    And if an app provider doesn't like the light shone on their activities... that's a pretty good indicator right there.

    --
    Everybody gets what the majority deserves.
  2. Re:What Android needs... by netsharc · Score: 4, Interesting

    which, incidentally, is what BlackBerry has. You can allow/deny each app permission to access your address book, calendar, internet connection, send SMS, open your mailbox, etc. I don't think even iOS has that yet (or well, I think it does, but for GPS location only). An app must be prepared to get an "access denied" exception, and survive through it.

    And for corporate users, an admin can even set your phone to not allow installation of custom programs, deny all requests to read the user's calendar/address book (except for a white-list of apps), etc, etc.

    As an Android user I wish Android would copy this feature, and as a fan of superior technology, I wish BlackBerry could promote these security features more.

    --
    What time is it/will be over there? Check with my iPhone app!
  3. Re:This is why OSS is so important by RobDude · Score: 4, Interesting

    Eh - malicious devs aren't retarded. If you are going to write code that does something bad, you'll hide it in an app that would also need that level of access.

    For example - if I want to write an app that will secretly send text messages from your own phone to a premium text service that will cost you $9.99 per text - I wouldn't stick it into a card game app. I'd stick it into an app that claims to do something novel or useful with text messages. Like an app that takes your boring text message and translates it into ebonics, or leet speak or whatever.

    If you code it in such a way that it won't send out the premium texts until after a particular date - say 3 months after you write it; if it's a half-way decent app, you'd have plenty of time to build a user base with decent ratings.