As it happens, even if you do not allow access to your Android application location or read the details of your device, the app can still know your location or other details on your Android device. In other cases, where applications simply do not require special permissions, they can still be a compilation of much more detail than you can imagine. The researchers claim that thousands of Android apps have found ways to skirt Android system permissions to track details they should not be able to do.
According to a study recently submitted to the PrivacyCon 2019, this study was also shared with Google and the Federal Trade Commission (FTC) of US. Thousands of Android apps have found ways to collect information such as the Mac device address, location, IMEI phone number, etc., even if they do not have the necessary permissions to access these devices.
The research report, published by researchers at the University of California, Berkeley, the University of Calgary, and the IMDEA Networks Institute, reveals that they have tested a total of 88,000 Android apps and many of them are using hidden and lateral channels to discover the users Location data and persistent IDs without explicit permissions.
The researchers discovered that the third-party libraries provided by Baidu and Salmonads independently use the SD card as a hidden channel to store the IMEI information of the phone, so that other applications cannot access it. They discovered that 13 applications were using this hidden channel to obtain IMEI information and that 159 applications had the potential to do the same.
In addition, they found at least one application, Shutter fly which used image metadata to access accurate location information for users without location permissions. In addition, some applications used the MAC addresses of Wi-Fi base stations connected from the ARP cache (Address Resolution Protocol Cache) as a substitute for location data. 42 applications with Unity SDK have obtained the MAC address of the device via calls to the ioctl system and more than 12 000 applications with the corresponding code.
According to the researchers, Google responds to a number of issues raised in its research with Android Q. However, these solutions will only be available to consumers who purchase a new phone with Android Q or who have a lucky phone to receive Android Q discount. The researchers suggested that Google treat these privacy issues as serious security vulnerabilities and provide fixes as part of the monthly security patches for all supported versions.
Your email address will not be published. Required fields are marked *