Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday March 29 2020, @10:58PM   Printer-friendly
from the what's-in-your-app-catalog? dept.

Arthur T Knackerbracket has found the following story:

More than 4,000 Google Play apps silently collect a list of all other installed apps in a data grab that allows developers and advertisers to build detailed profiles of users, a recently published research paper found.

The apps use an Android-provided programming interface that scans a phone for details about all other apps installed on the phone. The app details—which include names, dates they were first installed and most recently updated, and more than three-dozen other categories—are uploaded to remote servers without permission and no notification.

Android’s installed application methods, or IAMs, are application programming interfaces that allow apps to silently interact with other programs on a device. They use two methods to retrieve various kinds of information related to installed apps, neither of which is classified by Google as a sensitive API. The lack of such a designation allows the methods to be used in a way that’s invisible to users.

Not all apps that collect details on other installed apps do so for nefarious purposes. Developers surveyed by the researchers behind the new paper said the collection is the basis for launcher apps, which allow for the customization of the homescreen and provide shortcuts to open other apps. IAMs are also used by VPNs, backup software, notification managers, anti-malware, battery savers, and firewalls.

But the data grab can also be used by advertisers and developers to assemble a detailed profile of users, the researchers reported in their paper, titled Leave my Apps Alone! A Study on how Android Developers Access Installed Apps on User’s Device. They cited previous studies such as this one, which found that a single snapshot of apps installed on a device allowed researchers to predict the user’s gender with an accuracy of around 70 percent. Follow-on findings by the same researchers expanded the demographics that could be deduced to traits such as religion, relationship status, spoken languages, and countries of interest. A study by different researchers said user demographics also included age, race, and income. The research also found that a user’s gender could be predicted with an 82 percent accuracy rate.

“As other privacy-sensitive parts of the Android platform are protected by app permissions, forcing developers to explicitly notify users before attempting access to these parts, [it] begs the question on why IAMs are treated differently,” the researchers, from the University of L’Aquila in Italy, Vrije University in Amsterdam, and ETH in Zurich, wrote in the latest paper. “Indeed, the European Union General Data Protection Regulation (GDPR), generally regarded as the forefront in privacy regulations, considers ‘online identifiers provided by their devices, applications, tools, and protocols’ [...] as personal data, for all purposes and means.”

[...] As noted earlier, there are legitimate reasons for apps to collect details of other installed apps. But there’s also reason for concern. This latest research only reinforces the advice I’ve long given that Android apps should be installed sparingly and only when they provide a clear benefit. It also helps to favor fee-based apps over free ones, since the latter category is more likely to depend on advertisements for revenue. Open source apps are also shown to collect less app data, but they also require users to allow installations from third-party marketplaces.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Monday March 30 2020, @07:13AM (1 child)

    by Anonymous Coward on Monday March 30 2020, @07:13AM (#977128)

    You may wish to install Blokada from FDroid, you'd be surprised how many connections to questionable URLs it blocks. Mine has blocked over 60,000 since November though I do own a Xiaomi phone.

  • (Score: 4, Interesting) by Snotnose on Monday March 30 2020, @12:31PM

    by Snotnose (1623) on Monday March 30 2020, @12:31PM (#977176)

    I assume Blockada is a firewall type app. I installed something similar on my old phone and noticed my battery life went to hell. Uninstalled it, battery life went back to normal.

    But yeah, it was amazing how much crap my phone sends out to "someone".

    --
    Why shouldn't we judge a book by it's cover? It's got the author, title, and a summary of what the book's about.