Researchers noticed that some apps utilizing the Baidu SDK might be making an attempt to quietly obtain this data for their use. Even though you had denied Shutterfly to access your location data, it was collection location data through photos.
Researchers also found that some apps were piggybacking off of permissions granted to other apps on a user's device.
Researchers recently found that more than 1,300 apps on the Google Play store secretly collected data such as geolocations and device identifiers - even after they were denied app permissions.
The study took a look at 88,000 Android apps and investigated how they handled data when permissions were denied. It also will require apps that work with Wi-Fi to get permission to receive location data. If a user let one app access data on an SD card, for example, another app without that permission could still read its contents.Читайте также: Target targets Amazon Prime Day with 'Deal Days'
Another app the study calls out is the photo app Shutterfly for sending Global Positioning System coordinates to the company's servers without asking the user for permission. There were only 13 apps engaging in this privacy crushing practice but the apps were installed more than 17 million times. Among the personal data that can be stolen with this method is a handset's unique IMEI number. Shutterfly had been collecting location data from photos stored in the mobile and sending the data to its own servers.
Apps from companies like Samsung, using SDKs built by analytics firm Salmonads as well as China's Baidu, are called out in the study.
In late June, director of usable security and privacy research at the ICSI, Serge Egelman presented this study at the Federal Trade Commission's PrivacyCon. Of these, they found 1,325 apps that violated the permission policy and relied on workarounds to retrieve user data without their knowledge. Google has now announced that they will fix this issue in the upcoming Android Q update which will be released later this year.
Egelman will be presenting more detailed information about the research findings at the Usenix Security conference in August, according to the online technology publication CNET.При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2019 Copyright.
Автоматизированное извлечение информации сайта запрещено.
Код для вставки в блог