Researchers have discovered more than 1,000 Android applications that can bypass the restrictions imposed by the operating system and get establish user geolocation, mobile device identifiers, and other important data.
Google said that this problem will not be fixed until the release of Android Q. Specialists from the International Institute of Informatics (ICSI), a non-profit organization, argue that the study analyzed 88,000 applications from the official Google Play store.They were able to identify 1325 Android applications that collect data from a smartphone, even after the user rejected their requests for appropriate permissions in the system.
Serge Egelman, director at the Internation Computer Science Institute, presented his relevant report at the PrivacyCon conference.
“Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it. If app developers can just bypass the system, then asking consumers for permission may be meaningless”, — explains Egelman.
The expert claims that he informed Google about the problem back in September last year. The American Internet giant has assured that it will eliminate the problem with the release of Android Q, which is scheduled for release this year.
Google plans to hide geolocation from photos, as well as oblige applications using Wi-Fi to access the location.
For example, the Shutterfly photo editing application, as CNet reports, it collected GPS coordinates from user-generated pictures.
“Some apps were relying on other apps that were granted permission to look at personal data, piggybacking off their access to gather phone identifiers like your IMEI number”, – researchers say.
There are 153 applications with this capability, including Samsung Health and Browser applications, which are installed on more than 500 million devices.
Egelman said he will be releasing details with a list of the 1,325 apps the researchers discovered when he presents the study at the Usenix Security conference in August.
