It is widely known that the world of Android apps is quite tenacious. Due to the open nature of Android devices, users and programmers have immense control over the devices ecosystem. With this, of course comes that trade that hackers have a swath of tools and channels at their disposal as well. Fortunately, it seems that hacking has never been of too huge a concern in the Android community. Unfortunately, that is because Android user have to worry more about legitimate, Google approved apps from stealing their data. In an article posted first to Ars Technia, and then to their sister company WIRED, Dan Goodin reports on research that details just how intrusive the average app is.
The article begins with quite the slap to the face. Goodin says that, according to the research paper he is referencing, “More than 4,000 Google Play apps silently collect a list of all other installed apps in a data grab that allows developers and advertisers to build detailed profiles of users”. That number may not sound like a lot, but the truth of the matter is that there are certainly more out there, since these apps utilize an interface directly provided by Google. The ease of which these apps can reach the information is deeply troubling, especially since Google is opening the gates for them. The data “which include names, dates they were first installed and most recently updated, and more than three dozen other categories—are uploaded to remote servers without permission and no notification”. Google’s API has flatly ignored these issues, listing the method of retrieval known as IAM (Android Installed Application Methods) as non-sensitive. Recently, Google has put forward changes in their latest firmware, but what exactly this will achieve remains to be seen as it is still in beta.
While the data retrieved may not be all that damning, it still supplies an impressive amount information on the user. With this light amount of data, researchers could “predict the user’s gender with an accuracy of around 70 percent”. Clearly, the data tells a lot more about us than what we should be comfortable with, especially since the data is taken with no permission requests. While Google is clearly trying to make some sort of change, under the update “apps still wouldn’t be required to disclose their collection of details about all other installed apps” directly.
The article closes with some numbers on the apps mentioned. Of the small number of apps studied, “30 percent” used IAMs to trap data. If you were to expand the percentage over the entirety of Google Play’s app store, we are sure to be nearing the millions of intrusive apps. Google tends to hang its hat on how open and safe it’s devices are. The freedom of choice should not come standard with the fear of regret. Google seems eager to change the nature of how data is collected, but ultimately the problem lies with transparency. As long as these apps, new firmware or not, can take data without directly disclosing it in plain text to the user, the developers have failed their userbase. Hopefully the information in the article picks up steam, forcing Google to make the necessary changes to protect their users.
Source Article: https://www.wired.com/story/thousands-of-android-apps-are-silently-accessing-your-data/
Social Structures & Algorithms 