Searching in Android apps reveals no indication that apps are listening to audio – IT Pro – News

A group of scientists, mainly from Northeastern University, analyzed 17,260 Android apps, examining audio and video recording and transmission. They found no indication that applications were listening to audio.

Scientists analyzed a total of more than 17,000 Android apps for their search, including 15,627 unique apks from the Google Play Store. The rest of the apps came from other app stores, such as AppChina, Mi.com and Anzhi. From the entire collection, they did a static analysis, looking at the permissions for the camera and the microphone, the API references in the code and whether those references came from the developer of the application or from a third party. They also performed a dynamic analysis, watching the traffic that an application sends over the network, focusing on videos, audio and images. Although they found no indication that applications secretly record audio and then transmit it, they encountered a number of other phenomena on which they express their concerns.

A first finding is that many applications require permissions for the use of camera and microphone. in the case of Google Play apps, about 80%, but permissions are not always really used. This would be a risk because third-party software libraries may abuse these permissions without the application developer being aware of them. They provide various explanations for the phenomenon, including the assertion that there is little documentation on the relationship between permissions and the corresponding APIs. In addition, sdk's "copy-paste instructions" with too many permissions could cause this phenomenon.

In addition, research has shown that only a fraction of the applications studied actually produced a leak of media, where, for example, against the expectation of the user in the files multimedia have been sent over the network. The researchers did not have enough resources to analyze all the applications, so they were limited to a selection of 9100. It turned out that 21 applications sent media, 20 images and one to the video. They rated nine applications as media, which represents about 0.01%. For example, photo editing applications sent unsolicited images to a server

Researchers highlight various interesting discoveries in their paper, including the application that sent the video. It has turned out to be the GoPuff app, a kind of delivery service. This has sent images of all the interactions after starting the app to an Appsee domain, a service that promises to provide insight into how users interact with an app. A GoPuff spokesperson tells Gizmodo that he has now removed the Appsee sdk from its apps. Appsee tells the site that the behavior of the application is due to GoPuff, because the developers have abused its service and violated its terms.

One of the article's authors told Gizmodo: "We have seen no evidence that people's conversations are secretly recorded." He adds, "What people do not seem not understand, it is that there are many other follow-ups in everyday life that do not use the camera or microphone of your phone and which give a third party a complete picture of you. "In their research, scientists name possible shortcomings in their method, with which they indicate that they may have overlooked other leaks . The researchers want to present the paper entitled Panoptispy: Characterizing the Audio and Video Exfiltration from Android Applications at the Symposium on Procedures for the Protection of Privacy in Barcelona.