|Thousands of Android apps can track your phone|
Thousands of Android apps can track your phone
Thousands of Android apps can track your phone, even if you refuse permissions, Android Q may have fixed, but when do you get them?.
When you explicitly tell the Android app, “No, you do not have permission to track my phone,” you might expect that it will not have the capabilities to do so.
But researchers say thousands of applications have found ways to trick Android’s Android system, phone calls with your device’s unique identifier, and enough data to detect your potential location as well.
Even if you say “no” to an application when asking for permission to see these bits personally identify the data, it may not be enough: the second application with permissions that you have agreed can share these bits with the other or leave them in a shared storage space where an application Another – potentially harmful – application to read it.
The two applications may not appear to be linked, but the researchers say that because they are configured with the same SDKs, they can access that data, and there is evidence that SDK owners are receiving it.
It seems like a child is asking for candy and a parent tells him “no”, so they ask the other parent.
According to the privacy 2019 study, we’re talking about apps like Samsung and Disney that have been downloaded hundreds of millions of times.
Using the software development tools (SDK) created by the Chinese search giant Baidu and an analytics company called Salmonids that can transfer your data from one application to another (and to its servers) by storing it locally on your phone first.
The researchers saw that some applications that use the Baidu SDK may try to get this data quietly for their own use.
Secret channels and side channels
This is in addition to a number of side channel gaps found by the team, some of which can send home the unique MAC addresses of your router, network router, wireless access point, SSID, and more.
“It is now well known that it is a very good alternative to location data,” said Serge Egelman, research director of the ICSI Security and Protection Group at the launch of the private study.
The study also assigns the Shutterfly application to send the actual GPS coordinates back to its servers without permission to track the sites – by collecting data from the initial EXIF data of your images – although the company denied that it collected the data without authorization in a statement. CNET.
There are fixes coming up for some of these problems in Android Q, according to researchers who say they told Google about vulnerabilities in September.
However, this may not help many current Android phones that will not get the Android Q update. (As of May, only 10.4% of Android devices have the latest version of Android P installed, and more than 60% Android N, which is about three years old)
Researchers believe that Google should do more, and may introduce urgent fixes within security updates at the same time because it should not be only new phone buyers who get protection.
“Google claims publicly that privacy should not be a luxury, but it seems to be doing well here,” they say.
Google declined to comment on the specific gaps but confirmed that Android Q will hide location information from image apps by default and will require photo apps to tell the Play Store whether it can access primary data for the site.