As it turns out, your Android apps are pairing together to share your data without asking for your permission first. Researchers from Virginia Tech developed a tool called DIALDroid to monitor exchanges of data between Android apps over the last three years, and what they’ve found is quite alarming.
The team at the Department of Computer Science at Virginia Tech’s College of Engineering analyzed 110,150 apps and found that apps sometimes mine information from each other without bothering to ask for permission first.
Gang Wang, a member of the team at Virginia Tech, noted in a statement to New Scientist, that “Apps that don’t have a good reason to ask for extra permissions sometimes don’t bother. Instead, they manage to get information through other apps.”
This puts a user’s security and privacy at great risk. The Google Play Store screens all apps for viruses and other issues before listing them online, although, as New Scientist points out, these apps are screened only individually, and what happens after a user downloads the app is the problem.
Out of the 100,206 most downloaded apps on the Google Play Store, the research team found that 23,495 were secretly colluding with each other. According to Associate ProfessorDaphne Yao, in a statement at the Association for Computing Machinery Asia Computer and Communications Security Conference in Dubai, the apps that were sharing information between each other were sharing data that would “allow unauthorized apps to gain access to privileged data.”
Of course, some of these apps could be sharing data unintentionally, but this also gives your data a greater risk to be exploited. The team found it possible that “thousands of pairs of apps could potentially leak” sensitive information to third-party apps.
Yao, at the conference, went on to note the risks associated with Android app behavior:
What this study shows undeniably with real-world evidence over and over again is that app behavior, whether it is intentional or not, can pose a security breach depending on the kinds of apps you have on your phone.
The apps that were in cahoots with each other were the ones that you would seemingly think to be the most innocent. An emoji app, for instance, could be the app that is currently running havoc with your data and creating the most mischief.
The team found that the information was passed around quite “recklessly,” but that collusion between apps “is still quite low.” For now, at least.
As more vulnerabilities between apps and a user’s information become more well known, the chance for a developer to create malware that exploits your data is a near possibility and, well, not unheard of. Your data, your sensitive information—all of it—has the chance to be shared and sold without your permission, unless you put a stop to it first.
It’s always recommended to study the permissions of your apps before downloading an application that could ultimately use your data against you. Also, feel free to use DIALDroid and monitor the exchanges of data between any of your current Android apps and take the steps needed to stop the free-sharing of your information without your permission. The DIALDroid program is open source, and is available on GitHub for you to check out and use.
Hot Deal: Set up a secure second phone number and keep your real contact details hidden with a yearly subscription to Hushed Private Phone Line for Android/iOS, 83%–91% off. It’s a perfect second-line solution for making calls and sending texts related to work, dating, Craigslist sales, and other scenarios where you wouldn’t want to give out your primary phone number.
“Hey there, just a heads-up: We’re part of the Amazon affiliate program, so when you buy through links on our site, we may earn a small commission. But don’t worry, it doesn’t cost you anything extra and helps us keep the lights on. Thanks for your support!”
