Researchers at Penn State University Unveil Firmware to Track Android Apps Leaking Private Data

Written By Sam on 18 October 2010

A yet to be presented paper, titled ‘TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones’ revealed just how much private data third party apps on smartphones mine and then send to ad sites. Despite efforts by Google, developers of the Android platform, to curb this sort of invasion, app developers continue to find workarounds to sell users data to advertisers. Researchers at Penn State University are reported to have used a modified Android firmware, TaintDroid, to monitor information that apps collect and track where it is sent to. After using TaintDroid, seven apps were found sending IMEI information, 15 sending location information, and two sending phone numbers and, most importantly, all sent it to remote servers. “In all, two thirds of the applications in our study used sensitive data suspiciously,” the paper concludes. TaintDroid, however is not foolproof and may not have tracked all data leaving the devices it was tested on.

Smartphone apps may combine data from the cloud with data from the device such as location data. This can present several reasons for an app to collect user privacy data. The Android platform as of today, does not allow a user to control what happens to the data collected. Surprisingly, although two of the 30 applications tested had EULA (end user licence agreements), none mentioned that data would be collected and sent to an advertising server. This is disturbing news for users as they can now become victims of targeted advertising, as data including contact details from their phone book and even their geographical location is being broadcast without their knowledge.

To counter this, a google representative said that users must approve the data transmission while installing an app. Users, however, must remain cautious and monitor what data an app requests to collect and decide whether or not it is essential to the running of that app.

Leave your response!