Slashdot Mirror
8% of Android Apps Are Leaking Private Information
kai_hiwatari writes "Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th. The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages."
...100% of your Facebook apps! Nothing to worry about here, folks.
Vendor: "I'm shocked, SHOCKED to find information being leaked here!" Waiter: "Here's your mined data sir..." Vendor: "Thank you"
I think a finer control over permissions for applications is required. Some applications ask for something like "ability to make calls", so that feature X works. If you don't care about feature X you should be allowed to deny such permission.
Another example, the permission "read phone state and identity". Developers often say, "oh, we are not reading your phone number, just your IMEI to ensure your identity". They still have access to the phone number, why not fine-grain it and say: "ok, the IMEI, that is ALL you can see".
Assume that the 11,000 app sample is representative of a category of apps on Android Market, and 8 percent of apps in the sample have detectable spyware. In that case, it's far more likely than not that the prevalence of spyware across all apps in that category is at least 5 percent. So do you dislike statistical methods in general, or do you dislike the claim that the sample is representative?
Someone doesn't know how statistical samples work. (Hint: it's not the authors of the study.)
>Implying that the sample was random.
LBE Privacy guard, Droid wall, or just a ADB terminal and iptables can stop leaks like this by denying net access to any app that you don't want to give it to.
Not a sentence!
If you use the firewall program that you can download with Cydia, you will find that a majority of iPhone apps connect to ad sites, statistic sites, behavioral targeting sites, and many domains that have zero to do what what the app does. The end user has zero control of what an app can do, and any app can happily slurp your contacts and anything available to it and hand it over to whatever site it feels like, and only people who have JB-ed their phone would know.
Android, it is more obvious because you don't have to jailbreak it to see the programs phoning home.
For example, take some of the photo editing apps on the iPhone. If you look at them, they appear to just uplaod your photo to a website and do the core editing via that as opposed to the application doing much. So, that private photo you decide to use a 99 cent app to make humorous? It is now on someone's Web server, and they can (in theory) claim full ownership and copyright of the image at any time.
For the tl;dr crowd, iPhone apps are just as nasty, but they hide it better, being impossible to trace unless one jailbreaks their device.
When simple one-player games and such say they require full internet access I think "that may be for ads". When they require access to contacts, SD card, etc... That usually means don't install it. Unfortunately most of the apps I've looked at require full internet access AND access to contacts and don't get installed as a result.
Cool story bro.
The iPad3, now with wings!
What is an 'unauthorized' server? Is the server unauthorized by the app writer or by the end user or both? This is important information which is missing from the article. More worrisome in a link in TFA is the other attack vectors which are going to be discussed: drive-by downloading, etc. There's a video on the author's site at http://www.dasient.com/resources/video/?v=15 but I haven't watched it.
Developers often say, "oh, we are not reading your phone number, just your IMEI to ensure your identity".
The IMEI doesn't ensure the user's identity, just that of the handset. Pull out the SIM and put it in another handset (assuming AT&T, the only U.S. nationwide provider for which this actually works and which isn't an acquisition target), and the subscriber's identity follows the SIM (hence the name Subscriber Identity Module).
They still have access to the phone number, why not fine-grain it
Yeah, why not? To ensure the user's identity, perhaps the OS should make available the hashed phone number: the application can make sure the subscriber hasn't changed but not use it to make voice calls or send text messages.
LBE Privacy guard, Droid wall, or just a ADB terminal and iptables
Which requires 1. phones to have a security vulnerability that allows rooting, 2. users to know how to root a phone, 3. users to somehow learn that they should install a firewall on their phones, and 4. users to somehow learn which firewall programs are safe and which are not (see also fake antivirus on Windows).
It must be okay because we are open source, free as in beer and free as in 60s' sex !! WE ARE THE WORLD !! So what if some chinese have my info ?? It's not like they can even say my name without me cracking up !!
In this day and age, it's worth it, I say !! Live and let them have their cake !!
Yours,
Ben Vereen
Perhaps Google should follow Apple's lead here and simply change the EULA to give permission for application writers to access personal information and location.
That would certainly get rid of the "unauthorised" part of that statement.
Calling someone a "hater" only means you can not rationally rebut their argument.
I was really excited about Android, and tried to buy my kids an Android tablet last Christmas (nothing worth buying). But the data leaking, malware, etc. has flat turned me off the platform. My next phone will likely be WP7 (was a windows dev) or iOS if they bring out cheaper off contract models.
Wow! CTO of company that makes money selling security software for Android says that Android has security problems!
If you think you can get honest and objective info about this problem from the CTO of a company that is in the business of selling solutions to the problem, then you should not be allowed to use the Internet.
I'm not saying that there isn't a problem - I'm just saying that this is so obviously the wrong source that it is no better then an advertisement.
Not sure if you're aware of how percentages work... http://en.wikipedia.org/wiki/Percentage
All round numbers are false.
Exactly 10,000 and exactly 800? Come on.
what exactly is an "unauthorized server?" Given that Android enforces constraints (permissions) when you install an app, are they claiming that there are apps which can get Internet access without explicitly being granted permissions by the user when installed?
"National Security is the chief cause of national insecurity." - Celine's First Law
No wonder most apps don't make money.
Actually, the open source apps tend NOT to pull this kind of cheap stunt.
What a worthless article. They give some pretty fucking specific numbers but they don't even bother to let us know which apps are the offenders.
When simple one-player games and such say they require full internet access I think "that may be for ads".
Not all games whose action is single-player are purely single-player; many include a multiplayer metagame. This includes the ability to upload scores or other achievements to a server, to download other players' achievements for comparison, and to verify that other players' achievements were earned through legit play.
When they require access to contacts, SD card, etc... That usually means don't install it.
As for contacts, I agree with you, but a lot of programs require access to the SD card because the device's internal storage is too small to hold all data (meshes, textures, sound, etc.) that pertains to the game.
Fine then... ask for permission to contact someapplicationpage.com instead of the whole freaking Internet.
And run an open HTTP tunnel on someapplicationpage.com. You see, a device can't always enforce a privacy policy.
I checked a tetris like game that want to access your GPS location, your contact list and the internet. Why ?
Internet? Upload high scores, as Elbereth mentioned. GPS? To keep you from playing in another country where a different company has the exclusive license for the Tetris brand. But contact list? Don't know; that would raise my suspicion.
At some point, don't they have all the information about us? Given all the security breaches in everything we do, you would think that the market of this information would eventually be saturated. What more do these people want to know? The size of my johnson?
Seriously, I'm looking for somebody that understands what's going on to explain this to me. What use is all of this information?
Some applications ask for something like "ability to make calls", so that feature X works. If you don't care about feature X you should be allowed to deny such permission.
Blackberry works this way.
Apps request the permissions they want, but the user can choose to deny access to different areas of the phone (these selections are app-specific).
As soon as Android gets this capability, I'll happily switch.
But as it stands, I don't trust app developers enough to not abuse the lax security available on Android.
8% is low. Positive article gets negative spin.
The Gianmarco Lorenzi is a famous brand and produced with high quality .the woman worn this high heel shoes will attract men’s attention if you want a nice leg please buy the product the Gianmarco Lorenzi Shoes ,by the way now we will give you a low price to owe this beautiful shoes.don’t let go this good opportunity.The Gianmarco Lorenzi Pumps is waiting for you
This beautiful Gianmarco Lorenzi Shoes can make you looks highlight in the summer, it can make you like a young gils, furthermore Gianmarco Lorenzi is a big brand so the quality makes this shoes popular to women, and now the Gianmarco Lorenzi Pumps is on sale so you don’t let go this good chance to buy it.
I use the LBE Security app which allows me to more closely control what I want an app to have access to, it's a bit like a permissions based firewall - you can block specific permissions on each app. It does result in the odd FC if you tighten it down too far on everything but it's usually possible to find a workable combination. e.g. permit an app to access the phone id. (which it expects to always have access to and which causes it to FC if not) but then block it's access to the network (which cannot always be expected to be available)... so what if it knows the id. if it cannot report it.
Go permanent? In your dreams and my worst nightmares.
There are many apps which require excessive permissions without any reasonable explanation. Many of these appear as close-to-identical apps to shotgun better. I am surprised its only 8%.
I think what the poster was referring to, and you obviously missed, was how we are subjected to this nonsense that the Android platform is inherently open because you can get any app from anywhere because it's all so "open" (yes, I get the difference between app and OS). As it turns out open isn't necessarily better, it's just open, and that comes with its own drawbacks.
Or just getting a rootable phone from the get-go (such as the Nexus *)
I can't really afford $70 per month for phone service, and I imagine that a lot of other people have an entry-level Android-powered phone on a $25 per month plan, such as LG Optimus V or Samsung Intercept, because they're in the same position. The LG Optimus V was rootable as of January 31, 2011, but the article appears not to have any updates as to whether it is still rootable. Are there any Android-powered phones that are 1. designed from the ground up to be rootable and 2. available on a pay-as-you-go carrier?
What is the point of these articles if they don't list which apps are the guilty ones?
Installation to SD is one possibility too, but why would something like a Tetris clone need access?
Let me guess: you haven't seen the FMV opening cut scene in Tetris Worlds for PlayStation 2. Tetris products are a lot bigger than they used to be: from the 26 KiB of Tetris 3.12 for MS-DOS (1985) to the 32768 KiB of Tetris DS (2006).
My impression is that at least in Europe it's cheaper in the long run to buy the phone unlocked and search for a provider on the side
And it's the exact opposite in the United States, where there are no truly unlocked phones. Each phone is either locked to Verizon (a CDMA2000 provider), locked to Sprint (a competing CDMA2000 provider), locked to AT&T (a GSM provider preparing to acquire the only other nationwide GSM provider), or "unlocked" GSM. The trouble is that "unlocked" GSM phones work only on GSM providers, and once AT&T buys T-Mobile's USA operations, GSM phones will work only with AT&T. And even if you buy your phone up front instead of subsidizing it with a contract, there's no discount on the monthly service.
All this makes it all the more expensive for a U.S. customer to "just get[] a rootable phone from the get-go".
Right now I'm paying around 10€ per month for the network service (8€ for flat rate internet and the rest for talk and SMS which I don't use much).
In the United States, that would cost $70 per month on a contract provider or $25 per month on a prepaid provider, and all the prepaid providers lock their phones.
Even if the CTO of a security software co. that sells its wares for ANDROID? I doubt it...
APK
P.S.=> That type of "spinmaster b.s." doesn't cut it on your end, & it NEVER has... truth's TRUTH, no matter who stated it, period!
... apk
Why is it that whenever these types of articles come up it's next to impossible to find the actual list of offending apps, if at all. So which are the 11 apps that send SMS out without permission?
You are killing more of them yourself.
Import one from China.
They're all made in China. I assume you mean buy a phone not associated with a well-known worldwide brand. But do these have access to Android Market? And with which U.S. prepaid carrier would I activate a Ctone T01 should I decide to buy one? This announcement mentions GSM but not CDMA, leaving AT&T as the only choice once AT&T completes its acquisition of T-Mobile.