Phone applications do not secretly listen to your calls: but what they do is "alarming"



[ad_1]

Video: Apple's Tim Cook says better regulation is needed after the Cambridge Analytica scandal

For years, people have suspected apps on their phone to listen to this that they say after seeing advertisements for things they have never talked about.

But, as reported by Gizmodo, researchers at Northeastern University who badyzed more than 17,000 popular Android apps found that none of them activated the microphone and sent a message. Audio without a prompt from the user.

Of course, this does not mean that applications do not secretly listen to you through your phone's microphone, but if they are, they have found no evidence of that.

The researchers of nonetheless declare that they found "alarming" privacy risks in the Android ecosystem after discovering that some applications share image and video data with third parties without the need for it. the user knows or agrees to it.

More than 9,000 of the 17,260 apps in the study have camera and microphone permissions. The researchers used 10 Android phones to watch the traffic generated by them when their software interacts with applications.

They found that some applications transmit screen recordings and video recordings of what people are doing in the software.

One of the applications that displays this behavior is goPuff, a food delivery application, which records how the user interacts with the application and sends the data to the company's business. Appsee mobile badysis.

The main problem that researchers are finding is that it is not clear to the user that these data are captured and shared.

The goPuff app uses the Appsee badytics library, which is promoted as a tool to help developers fix bugs and promises developers to "[w] launch each user action and understand exactly how they use your application, what problems they encounter

The service is similar to session replay scripts that help website owners understand how users interact with the site, but present a potential risk of privacy because they can replay keystrokes, mouse movements and scrolling as well as the content of the page

This process is risky when users interact with a page that they used to enter personal or financial information.

this case, the researchers only found that the postal code of a user is exposed to Appsee, but they note "Appsee does not require any special permission to register the screen, nor to notify the user that it is being recorded."

Appsee explained to Gizmodo that the developers can blacklist sensitive parts of the app to prevent Appsee from saving it.

However, as the researchers point out, few developers using Appsee use this method to avoid sensitive data.

The researchers reported the problem to Google, which reviewed the findings and determined that some of Appsee's services might endanger some developers by violating the Google Play policy. "

" We work closely with them. appropriately communicate the functionality of the SDK with the end-users of their applications. "

Previous and related coverage

Android P prevents applications from silently using the camera and microphone of your phone

Android P improves privacy by preventing applications in the background to save or take pictures.Even if they are not on Play Store

Unless the apps reveal the personal data they collect, Google slaps them with the warnings of secure browsing.

New LTE attacks can spy on messages, track locations

One of the ten attacks can create an "artificial chaos" by sending false emergency alerts to a large number of devices

Android Security: this newly discovered espionage tool has remarkable spy capabilities

malware can steal WhatsApp messages, spy targets based on GPS coordinates, and more.

Google AI will alert you when someone peeks at your TechRepublic smartphone

to opt for an "electronic screen protector" that will warn smartphone users when someone? one looks over their shoulder.

Mozilla Firefox tries to close more holes of confidentiality with the new network technology CNET

Mashing up two network technologies – DNS and HTTPS – thwarts in searching and falsifying.

[ad_2]
Source link