Slashdot Mirror

← Back to Stories (view on slashdot.org)

8% of Android Apps Are Leaking Private Information

Posted by samzenpus on from the sieve-phone dept.

kai_hiwatari writes "Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th. The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages."

5 of 159 comments (clear)

  1. Poor security/subterfuge/sloppy coding by justsomecomputerguy · · Score: 5, Funny

    Vendor: "I'm shocked, SHOCKED to find information being leaked here!" Waiter: "Here's your mined data sir..." Vendor: "Thank you"

  2. Permissions by Anonymous Coward · · Score: 5, Insightful

    I think a finer control over permissions for applications is required. Some applications ask for something like "ability to make calls", so that feature X works. If you don't care about feature X you should be allowed to deny such permission.

    Another example, the permission "read phone state and identity". Developers often say, "oh, we are not reading your phone number, just your IMEI to ensure your identity". They still have access to the phone number, why not fine-grain it and say: "ok, the IMEI, that is ALL you can see".

    1. Re:Permissions by elashish14 · · Score: 5, Informative

      I remember someone had a /. sig with a link to a feature request for Android that users could simply choose which permissions they want to allow an app to have at installation. I think this was the link: http://code.google.com/p/android/issues/detail?id=3778. It seems to have a lot of support, but apparently we need more!

      I also found this one too: http://androinica.com/2011/05/cyanogenmod-nightlies-secures-android/. I didn't read the link in much depth, but apparently it can do just what you describe if you root and install Cyanogenmod

      --
      I have left slashdot and am now on Soylent News. FUCK YOU DICE.
  3. Have we learned nothing... by Trufagus · · Score: 5, Insightful

    Wow! CTO of company that makes money selling security software for Android says that Android has security problems!

    If you think you can get honest and objective info about this problem from the CTO of a company that is in the business of selling solutions to the problem, then you should not be allowed to use the Internet.

    I'm not saying that there isn't a problem - I'm just saying that this is so obviously the wrong source that it is no better then an advertisement.

  4. Re:iPhone apps are just as bad... by bonch · · Score: 5, Insightful

    This study looked at 10,000 Android apps. Your claim is that iPhone apps are "just as bad," which implies that you also studied 10,000 iPhone apps and that 800 were found to be leaking private data. Could you provide the link to your study, or is all you have an anonymously posted anecdote about running Cydia on your single phone without any examples given of the apps you're describing?