[ad_1]
Thousands of popular applications from the Google Play Store can bypass permissions to collect user data, according to the nonprofit research center International Computer Science Institute, a partner of the University of California at Berkeley. Applications work around restrictions by searching for "secondary channels" or "hidden channels", such as collecting data from applications with these permissions, which can affect hundreds of millions of Android users.
Researchers found about 60 Android applications, which have been downloaded millions of times, are already doing so. Many others are built with code that could allow them to do the same thing.
The study also points out that Android permissions make it difficult to know how an application will share information and under what circumstances, even when users agree to share data.
"These deceptive practices allow developers to access users' private data without consent, compromising their privacy and raising legal and ethical concerns," the researchers wrote.
The researchers contacted Google to find out what they found and the company paid them a bug bonus. Google says that problems will be addressed in the next big Android update, called Android Q, expected later this year.
The study was sponsored by the US National Security Agency's Science of Security program, the Department of Homeland Security and the National Science Foundation, among others, and was presented at the PrivacyCon conference of the Federal Trade Commission last week.
The researchers downloaded and analyzed the most popular apps in each category of the Google Play Store, totaling 88,000.
In some cases, applications that were allowed to access information such as location data stored it on the phone's SD card, where applications without appropriate permissions could access it.
In other cases, users may have technically given the application access to the data without understanding exactly what they were agreeing to. For example, photos often include metadata such as the time and place where they were taken, which means that an application can see the location of a user even if it was not allowed.
"We note that these feats are not necessarily malicious and intentional," the researchers wrote.
Google says Photo location information will be hidden by default for applications that request photos on Android Q unless developers specify it. on the Google Play Store if their app is able to access the location of a photo. The update will also require applications that collect information about Wi-Fi hotspots (which, according to the researchers, are de facto location data), must have permissions location. Apple has also recently announced its willingness to crack down on applications using Wi-Fi and Bluetooth connections to collect location data in its next iOS update.
The study reinforces concerns about how Big Tech companies manage and protect (or not sufficiently protect) users' privacy. Google (GOOGL) CEO, Sundar Pichai, said during a congressional hearing that the company was collecting a large amount of user data and was offering users tools to determine how much information they allowed to Google and Android operating system applications to collect. However, he conceded that the company could do more.
"I do not think users know how their data is used, I think we've put the burden on users to a large extent," Pichai told Poppy Harlow of CNN last month. "I think we need a better framework where users have the assurance that they master their data, their usage."
[ad_2]
Source link
