The study, entitled "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones", found that out of the 30 random Android applications across 12 different categories that were studied there were "68 instances of potential misuse of users' private information across 20 applications."
Out of the 30 random Android applications, 21 of them required the users permission to "read the phone state and the Internet" upon install. Even more mysterious? Two of those 21 applications actually sent the test device's phone number, IMSI code, and ICC-ID number back to their server, all without the user's permission. On several occasions the phone's IMEI code was shared as well.
Of the 30 apps tested:
- Half "exposed location data to third-party advertisement servers without requiring implicit or explicit user consent."
- Only two of the apps tested even bothered to present the user with a EULA (end-user license agreement) upon installation -- however, neither informed the user that their data would be shared in any way.
- 5 shared location info with ad.qwapi.com
- 5 shared location info with admob.com
- 2 shared info to ads.mobclix.com
- 4 sent user location info to data.flurry.com
Protect the good citizens of the world from big, bad Android app spies. Get a job in tech today! Visit http://www.techcareers.com/
By: Bambi Blue
Bambi Blue is a freelance writer, editor, and codemonkey living in Ottawa, Ontario, Canada. She moonlights as a jazz musician, a social butterfly, and most apparently a weisenheimer. Loves to cook, hates to clean, and can easily be found on Twitter.
Become a member to take advantage of more features, like commenting and voting.
Register or sign in today!