Tag Archives: android application spy

Are Android applications spying on You?

Are you an Android User? Do you download and install apps from Android Market? You are popular because you are affected by We-Know-Where-You-Are and What-You-Did-Last-Week attacks.

Not only if you are a user of Google Latitude or Facebook Places or Foursquare app, who like to share your location with friends, others and family, but also other apps that you are using on your Android phone will be sharing your physical location to its advertiser (even without your knowledge and approval).

According to the research people from Penn State, Duke University, and Intel Research Labs, the Android applications that were installed were gathering location details from people using GPS supportable handsets and was sending them without the users’ approval or notification.

30 famous Android apps like BBC News Live Stream, Evernote, MySpace, Spongebob Slide, The Weather Channel, and Yellow Pages were tested. TaintDroid, a homemade tool was used to follow what data were shared and with whom. The results were:

* 2 out 3 apps had violated the user privacy by sharing unauthorised location details or info that was referring to individual people’s mobile.

* Nearly 15 apps sent the user location info to ad companies like Admob or Analytics, firms like Flurry without the users’ knowledge.

* 7 out of the 30 had sent the unique device identification number of the GSM handset and the SIM number to its servers.

* 2 of the applications gathered the users’ mobile number, the ID number and the users’ geo coordinates.

Even if the Police want to access these details, they need a court’s order. But, these apps are doing it pretty neatly and easily without you notice and are storing them on to their servers and sharing it with advertisers.

This shows the inability of the Android apps that has no access control and thus users have no protections against these and they are free to collect these sensitive details. One app was sharing phone details, every time when it is restarted. The terms of use for the app is also not referring anything about accessing these sensitive data.

The name of these apps was not released, making us ignorant of the good and bad ones, it would be better to delete them all.

List of tested apps:

  1. 3001 Wisdom Quotes Live
  2. Antivirus
  3. ABC Animals
  4. Astrid
  5. BBC News Live Stream
  6. Barcode Scanner
  7. Blackjack
  8. Bump
  9. Babble
  10. Cestos
  11. Coupons
  12. Dastelefonbuch
  13. Evernote
  14. Hearts
  15. Horoscope
  16. ixMAT
  17. Knocking
  18. Layer
  19. MySpace
  20. Manga Browser
  21. Movies
  22. ProBasketBall
  23. Ringtones
  24. Solitaire
  25. Spongebob Slide
  26. Traffic Jam
  27. Trapster
  28. The Weather Channel
  29. Wertago
  30. Yellow Pages

Even a simple app could transmit your locations status 24 x 7, which according to the law can be done nothing.

We only come to know about the problem we face from Android apps, but we will face such problems even in apps from other mobile OS. Android apps being open source, the test was conducted easily by the research team, leaving out other company apps.