Many More Android Apps Leaking User Data

eldavojohn writes "After developing and using TaintDroid, several universities found that of 30 popular free Android apps, half were sharing GPS data and phone numbers with advertisers and remote servers. A few months ago, one app was sending phone numbers to a remote server in China but today the situation looks a lot more pervasive. In their paper (PDF), the researchers blasted Google saying 'Android's coarse grained access control provides insufficient protection against third-party applications seeking to collect sensitive data.' Google's response: 'Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data. We consistently advise users to only install apps they trust.'"

List of apps and permissions they need

[slaxative]

They finally get to the part I care about, which is the list of apps they tried. Look at page 9 of their paper in PDF format.

But how?

[Drakkenmensch]

"We also provide developers with best practices about how to handle user data. We consistently advise users to only install apps they trust.'"

How exactly is one supposed to do this? What is the process for building trust vis-a-vis apps when the only protection you receive from your service provider is "don't walk into dark alleys you don't trust"?

What Android needs...

[Nadaka]

Not only the ability to display what permissions an app requests, but the ability to deny the use of those features on a per feature basis for each app.

For instance, an app may request internet access (cellular radio or wifi), the user should be able to choose to limit that to just wifi or even turn off connectivity for that app all together.

Re:What Android needs...

[netsharc]

which, incidentally, is what BlackBerry has. You can allow/deny each app permission to access your address book, calendar, internet connection, send SMS, open your mailbox, etc. I don't think even the iOS have that yet (or well, I think it does, but for GPS location only). An app must be prepared to get an "access denied" exception, and survive through it.

And for corporate users, an admin can even set your phone to not allow installation of custom programs, deny all requests to read the user's calendar/address book (except for a white-list of apps), etc, etc.

As an Android user I wish Android would copy this feature, and as a fan of superior technology, I wish BlackBerry could promote these security features more.

Applications I trust?

[sotweed]

It is hard enough to know if I should trust my child, and I raised him. He doesn't
tell me much. App developers tell me less, and some of them are devious. This is not
a good security model. And Google knows better.

Google's response == fluff

[inviolet]

"Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data. We consistently advise users to only install apps they trust." -- Google

What a bunch of fluff. The relevant developers don't care about "best practices" or any other voluntary standard. And how the f*** are users supposed to establish trust in certain apps? The platform does not significantly monitor an application's ongoing behavior, nor is anyone performing serious code-reviews or blackbox testing. Google COULD HAVE set up profiling tests similar to those run in TFA, but didn't.

For ONCE would a company please admit that they reduced privacy in order to provide the dumbed-down usability needed to capture market share and attract developers?

Re:15 of the 30...

[wgaryhas]

Being able to know where you are and when isn't personal information?

A checklist

[Caerdwyn]

Rather than a blanket "you can send anything you want anywhere you want/you can send nothing to anywhere" switch, a finer-grained constrained set of permissions may be the way to go. Specifically:

• Commonly-requested data such as location and phone number are sent through specific APIs that ONLY send the requested info, and cannot send any other data. This data is sent not directly to whatever server, but to servers at the network provider, and the app provider picks them up from the network provider. This prevents arbitrary data from being sent when the claim that it is only a specific piece of data, allows "bad" apps (defined by deception, prohibited use or incomplete disclosure) to be cut off at the network provider when discovered, and allows vetting of outgoing data to ensure it meets the claimed destination.
• Transaction logs must be kept and be accessible to allow a user to see what's going out. Yes, most end users won't be able to make sense of the logs. But these logs could be uploaded to a security software provider for analysis, and the results presented in an understandable manner. "DroidGameApp: Microphone activated and streamed, GPS info, phone number sent to www.dhs.gov"
• Information collection by ads should be governed by a different set of permissions than the app presenting the ads. Ad-supported apps are fine, but the user should know what ads are doing on the network independent of the app.

And if an app provider doesn't like the light shone on their activities... that's a pretty good indicator right there.

Re:This is why OSS is so important

[grub]

it also leads to a massive incentive to get things to market before the competition, which causes a complete lack of QA in the release process.

In the iOS world any app can try to read the GPS but the user is presented with a dialog asking for permission to do so. If it's an annoyance you can turn apps' permissions on or off individually in the Location options.

From what I've read, Apple's review process runs apps through some pretty funky things looking for naughtiness.

The odd piece slips through, of course, but I doubt it's half the popular programs as it sounds like it is for Android.

Re:15 of the 30...

[ciscoeng]

"This is OnStar. You appear to be traveling at a high rate of speed after stopping at a bank. Do you require police assistance?"

Re:This is why OSS is so important

[Specter]

^ this.

This is the value of the App Store that geeks/developers consistently underrate. Apple's walled garden provides a barrier to entry that helps to reduce the risk of ending up with a fart app that's also downloading your private banking information to China.

Google's free-for-all Marketplace is a real risk to Android's long term success because it sets up Android phones to become the must-see destination for viruses, mal-ware, and other shady operations. How long do you think it's going to be before having an Android anti-virus application is a practical requirement? What the uber-geek sees as the positive benefits of the Android eco-system (freedom and unlimited choices) are in fact NEGATIVE attributes to most of the rest of the mobile phone consuming populace. It's sorta like Android is the Linux of mobile phones...oh wait.

I enjoyed the EVO vs. iPhone YouTube video as much as anyone but more than a funny rip on Apple, it's also a perfect demonstration of how a lot of the technical community doesn't get it. Android's popular because the iPhone is hard to get and it's a pretty respectable facsimile of an iPhone, not because it has more WIFIs and GBs than Apple. When rogue apps start to make Android painful to use and own expect consumers to start looking for The Next Big Thing (tm).

Re:Prevasive?

[boneclinkz]

I felt that the utilitization of the word prevasive added an element of loquatiatory verbosity to an otherwise diphractic article.

Core features of apps == "leaks"?

[d_engberg]

The headline doesn't really match the contents of the paper as far as I can tell.
For example, "Evernote" is listed in the paper for:
1) Taking pictures with the camera
2) Recording audio with the microphone
3) Determining your location
And for transmitting this data to its servers.

These functions are, however, exactly what the application is designed for. You take notes (including snapshot notes and voice notes) and upload them to your account. When you launch the app, there are big buttons for "take a snapshot note" , "take an audio note", etc. Geo-tagging via the location APIs can be disabled from the Settings page, but this is another core advertised feature of the product.

So this is a bit like making it into Slashdot by discovering that a mail client transmits text that you type (and your email address!) to a mysterious "SMTP" server.
Headline: "Researchers discover nefarious 'e-mail' application leaking your data ... on the INTERNET!"

Re:This is why OSS is so important

[RobDude]

Eh - malicious devs aren't retarded. If you are going to write code that does something bad, you'll hide it in an app that would also need that level of access.

For example - if I want to write an app that will secretly send text messages from your own to a premium text service that will cost you $9.99 per text - I wouldn't stick it into a card game app. I'd stick it into an app that claims to do something novel or useful with text messages. Like an app that takes your boring text message and translates it into ebonics, or leet speak or whatever.

If you code it in such a way that, it won't send out the premium texts until after a particular date - say 3 months after you write it; if it's a half-way decent app, you'd have plenty of time to build a user base with decent ratings.