Slashdot Mirror
8% of Android Apps Are Leaking Private Information
kai_hiwatari writes "Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th. The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages."
...100% of your Facebook apps! Nothing to worry about here, folks.
Vendor: "I'm shocked, SHOCKED to find information being leaked here!" Waiter: "Here's your mined data sir..." Vendor: "Thank you"
I think a finer control over permissions for applications is required. Some applications ask for something like "ability to make calls", so that feature X works. If you don't care about feature X you should be allowed to deny such permission.
Another example, the permission "read phone state and identity". Developers often say, "oh, we are not reading your phone number, just your IMEI to ensure your identity". They still have access to the phone number, why not fine-grain it and say: "ok, the IMEI, that is ALL you can see".
Assume that the 11,000 app sample is representative of a category of apps on Android Market, and 8 percent of apps in the sample have detectable spyware. In that case, it's far more likely than not that the prevalence of spyware across all apps in that category is at least 5 percent. So do you dislike statistical methods in general, or do you dislike the claim that the sample is representative?
>Implying that the sample was random.
LBE Privacy guard, Droid wall, or just a ADB terminal and iptables can stop leaks like this by denying net access to any app that you don't want to give it to.
Not a sentence!
If you use the firewall program that you can download with Cydia, you will find that a majority of iPhone apps connect to ad sites, statistic sites, behavioral targeting sites, and many domains that have zero to do what what the app does. The end user has zero control of what an app can do, and any app can happily slurp your contacts and anything available to it and hand it over to whatever site it feels like, and only people who have JB-ed their phone would know.
Android, it is more obvious because you don't have to jailbreak it to see the programs phoning home.
For example, take some of the photo editing apps on the iPhone. If you look at them, they appear to just uplaod your photo to a website and do the core editing via that as opposed to the application doing much. So, that private photo you decide to use a 99 cent app to make humorous? It is now on someone's Web server, and they can (in theory) claim full ownership and copyright of the image at any time.
For the tl;dr crowd, iPhone apps are just as nasty, but they hide it better, being impossible to trace unless one jailbreaks their device.
When simple one-player games and such say they require full internet access I think "that may be for ads". When they require access to contacts, SD card, etc... That usually means don't install it. Unfortunately most of the apps I've looked at require full internet access AND access to contacts and don't get installed as a result.
Developers often say, "oh, we are not reading your phone number, just your IMEI to ensure your identity".
The IMEI doesn't ensure the user's identity, just that of the handset. Pull out the SIM and put it in another handset (assuming AT&T, the only U.S. nationwide provider for which this actually works and which isn't an acquisition target), and the subscriber's identity follows the SIM (hence the name Subscriber Identity Module).
They still have access to the phone number, why not fine-grain it
Yeah, why not? To ensure the user's identity, perhaps the OS should make available the hashed phone number: the application can make sure the subscriber hasn't changed but not use it to make voice calls or send text messages.
LBE Privacy guard, Droid wall, or just a ADB terminal and iptables
Which requires 1. phones to have a security vulnerability that allows rooting, 2. users to know how to root a phone, 3. users to somehow learn that they should install a firewall on their phones, and 4. users to somehow learn which firewall programs are safe and which are not (see also fake antivirus on Windows).
Wow! CTO of company that makes money selling security software for Android says that Android has security problems!
If you think you can get honest and objective info about this problem from the CTO of a company that is in the business of selling solutions to the problem, then you should not be allowed to use the Internet.
I'm not saying that there isn't a problem - I'm just saying that this is so obviously the wrong source that it is no better then an advertisement.
Not sure if you're aware of how percentages work... http://en.wikipedia.org/wiki/Percentage
The other part of the solution is to run a closed market, and be picky about what apps you allow. If the developers of security software have nothing to sell on your platform, they won't go blabbing about the security holes to try to sell their product.
what exactly is an "unauthorized server?" Given that Android enforces constraints (permissions) when you install an app, are they claiming that there are apps which can get Internet access without explicitly being granted permissions by the user when installed?
"National Security is the chief cause of national insecurity." - Celine's First Law
And what makes you think either of those platforms are any better?
At least on Android you always see what permissions an app is requesting before you install it. The same is not true on iOS
No wonder most apps don't make money.
What about the deodorant with those wings? I want it also to smell like unicorns, fairies, and butterflies all farting together in a cornucopia of joy!
"I say we take off, nuke the site from orbit. It's the only way to be sure."
The other part of the solution is to run a closed market, and be picky about what apps you allow. If the developers of security software have nothing to sell on your platform, they won't go blabbing about the security holes to try to sell their product.
Yeah, because a vulnerability in the inbuilt PDF reader will never be exploited...
So lets all stick our heads in the wondrous sand of a walled garden and pretend that security holes dont exist because we aren't allowing security experts to say anything.
Calling someone a "hater" only means you can not rationally rebut their argument.
And you're better off with remote PDF security bugs that can result in total takeover of you device. And it will all be hushed up to maintain the mantra that "Macs don't get malware and viruses"...
When simple one-player games and such say they require full internet access I think "that may be for ads".
Not all games whose action is single-player are purely single-player; many include a multiplayer metagame. This includes the ability to upload scores or other achievements to a server, to download other players' achievements for comparison, and to verify that other players' achievements were earned through legit play.
When they require access to contacts, SD card, etc... That usually means don't install it.
As for contacts, I agree with you, but a lot of programs require access to the SD card because the device's internal storage is too small to hold all data (meshes, textures, sound, etc.) that pertains to the game.
Fine then... ask for permission to contact someapplicationpage.com instead of the whole freaking Internet.
And run an open HTTP tunnel on someapplicationpage.com. You see, a device can't always enforce a privacy policy.
I checked a tetris like game that want to access your GPS location, your contact list and the internet. Why ?
Internet? Upload high scores, as Elbereth mentioned. GPS? To keep you from playing in another country where a different company has the exclusive license for the Tetris brand. But contact list? Don't know; that would raise my suspicion.
At some point, don't they have all the information about us? Given all the security breaches in everything we do, you would think that the market of this information would eventually be saturated. What more do these people want to know? The size of my johnson?
Seriously, I'm looking for somebody that understands what's going on to explain this to me. What use is all of this information?
I use the LBE Security app which allows me to more closely control what I want an app to have access to, it's a bit like a permissions based firewall - you can block specific permissions on each app. It does result in the odd FC if you tighten it down too far on everything but it's usually possible to find a workable combination. e.g. permit an app to access the phone id. (which it expects to always have access to and which causes it to FC if not) but then block it's access to the network (which cannot always be expected to be available)... so what if it knows the id. if it cannot report it.
Go permanent? In your dreams and my worst nightmares.
There are many apps which require excessive permissions without any reasonable explanation. Many of these appear as close-to-identical apps to shotgun better. I am surprised its only 8%.
Most apps are a ad based and require Internet access. Google would lose a lot of devs if it did this
null
Good luck flogging that dead horse. No one is interested in your windows phones.
I think what the poster was referring to, and you obviously missed, was how we are subjected to this nonsense that the Android platform is inherently open because you can get any app from anywhere because it's all so "open" (yes, I get the difference between app and OS). As it turns out open isn't necessarily better, it's just open, and that comes with its own drawbacks.
You do understand that a phone is not a Mac, right?
Or just getting a rootable phone from the get-go (such as the Nexus *)
I can't really afford $70 per month for phone service, and I imagine that a lot of other people have an entry-level Android-powered phone on a $25 per month plan, such as LG Optimus V or Samsung Intercept, because they're in the same position. The LG Optimus V was rootable as of January 31, 2011, but the article appears not to have any updates as to whether it is still rootable. Are there any Android-powered phones that are 1. designed from the ground up to be rootable and 2. available on a pay-as-you-go carrier?
Actually, Apple specifically points out in their review process that apps that ask for location data without an obvious legit reason are rejected.
Actually, Apple specifically points out in their review process that apps that ask for location data without an obvious legit reason are rejected.
Given the fact that Apple has given permission via the EULA to allow applications to send information back to their own servers (after which they can do what they wish with it) and their lack of ability to keep out non-legit data miners I dont have a lot of faith in the walled garden approach.
Calling someone a "hater" only means you can not rationally rebut their argument.
Installation to SD is one possibility too, but why would something like a Tetris clone need access?
Let me guess: you haven't seen the FMV opening cut scene in Tetris Worlds for PlayStation 2. Tetris products are a lot bigger than they used to be: from the 26 KiB of Tetris 3.12 for MS-DOS (1985) to the 32768 KiB of Tetris DS (2006).
10000 and 800 are not round numbers.
Search RapidShare and MegaUpload!
My impression is that at least in Europe it's cheaper in the long run to buy the phone unlocked and search for a provider on the side
And it's the exact opposite in the United States, where there are no truly unlocked phones. Each phone is either locked to Verizon (a CDMA2000 provider), locked to Sprint (a competing CDMA2000 provider), locked to AT&T (a GSM provider preparing to acquire the only other nationwide GSM provider), or "unlocked" GSM. The trouble is that "unlocked" GSM phones work only on GSM providers, and once AT&T buys T-Mobile's USA operations, GSM phones will work only with AT&T. And even if you buy your phone up front instead of subsidizing it with a contract, there's no discount on the monthly service.
All this makes it all the more expensive for a U.S. customer to "just get[] a rootable phone from the get-go".
Right now I'm paying around 10€ per month for the network service (8€ for flat rate internet and the rest for talk and SMS which I don't use much).
In the United States, that would cost $70 per month on a contract provider or $25 per month on a prepaid provider, and all the prepaid providers lock their phones.
Yeah, you made that pretty obvious. However, I am pointing out that Apple IS making an effort to blunt apps that do pure data-mining. Something Google is NOT.
This link was posted earlier by choko, but it bears repeating since I see this or similar statements all through this article's comments. It's about a report from the Wall Street Journal that showed over half of the popular iPhone apps they tested sent personal information without asking permission.
God is imaginary
Why is it that whenever these types of articles come up it's next to impossible to find the actual list of offending apps, if at all. So which are the 11 apps that send SMS out without permission?
I never disputed as such. My only point was about Apple nixing applications that collect GEOGRAPHIC information without a legit reason.
Fair enough.
God is imaginary
Import one from China.
They're all made in China. I assume you mean buy a phone not associated with a well-known worldwide brand. But do these have access to Android Market? And with which U.S. prepaid carrier would I activate a Ctone T01 should I decide to buy one? This announcement mentions GSM but not CDMA, leaving AT&T as the only choice once AT&T completes its acquisition of T-Mobile.