Android: apps do not hesitate to take screenshots



Indiscreet Android apps? According to researchers at Northeastern University in the United States, some applications do not hesitate to look at what you do inside them, even filming your actions before uploading these images to the developers.

The study carried out by the researchers dealt, in a rather general way, with leaks of personal data from Android applications. The researchers assembled a panel of just over 17,000 popular applications from different app stores, including the Google Play Store, to study the permissions requested from the user and compare them with the data sent by the application.

Researchers have found that developers use several tools of this type, but highlight the role of one company in particular, called AppSee. This company provides an advanced tracking tool, presented as a simple tool for analyzing the behavior of users in an application; but the researchers reveal that this module is particularly inquisitive when deployed within an application: it can take screenshots of the user's activity, as well as short video clips, and send them back to the developers.

Testfairy, Appsee and company

AppSee uses this technique to provide developers with feedback on the use of their applications: using this data, applications can collect valuable data about their users' behavior. SDKs provided by other companies follow the same vein: researchers cite the case of Testfairy, a software library embedded by certain applications that also offers to send developers screenshots tracing the users' path through the application.

The problem here lies in the notion of consent, a particularly controversial area since the entry into force of the GDPR. Technically, these software libraries can capture personal data belonging to a user and send it to developers without the user's knowledge.

But researchers also point out that applications using these tools request permission in the vast majority of cases, although the fate of the data thus collected is rarely clarified by the application developers who use this type of software.

According to Gizmodo, quoting a Google spokesman, some of the behaviors provided by AppSee conflict with the rules in force on the Google Play Store. But Google said it is working with developers to encourage them to be more transparent about the features embedded by third-party programs within applications.

Far from being an isolated phenomenon

This type of feature has been pointed out in the past by researchers at Princeton University, who focused on the web side. The popularization of services offering "session replay scripts" is indeed a growing trend on websites, and there was no reason for Android applications to escape it. But after the many scandals that have hit big players on the thorny issue of personal data protection, the development of such practices raises questions.

In their study, the researchers explain that they found no trace of audio recording made through the applications without the user's knowledge, seriously damaging the myth of spy phones that listen to us constantly. Many people see this as the focus of the study, but the researchers mention several limitations at the end of the article, noting that their analysis has several blind spots and cannot detect, for example, the sending of a transcription of an audio conversation picked up by the microphone, or the sending of audio files protected by HTTPS encryption.

We can also recall the business model of some trackers such as Sync2Ad, whose technology consists of taking an audio fingerprint of the user's immediate environment in order to display advertisements synchronized with a TV program that the user of the application would be watching. Under these conditions, it is difficult to say that your phone does not listen to you: it has certainly asked you for permission at one time or another without going into too much detail.
