Your apps are spying on you
Awareness around data integrity is improving every day, but are your efforts to shore up your sensitive personal information in vain?
Unfortunately, the answer appears to be yes.
Have you ever had a phone conversation about a brand or product, only to hop onto your browser later that day and be inundated with ads for the same product?
It's enough to make anyone do a double take, and it's been the source of an old legend: our phones record our conversations.
9,000 of those apps had the potential to be unfaithful to the user.
While no evidence was found of recorded conversations, the apps in question took screenshots of activity before forwarding them onto third parties.
That’s just a tad horrifying.
David Choffnes, who was one of two computer science professors who oversaw the study, commented on the findings: “We found that thousands of popular apps have the ability to record your screen and anything you type.
“That does include your username and password, because it can record the characters you type before they turn into those little black dots.”
“We knew we were looking for a needle in a haystack,” Choffnes said, “and we were surprised to find several needles.”
Although the privacy breaches over the course of the study were largely benign, it drives home just how easy it could be for your phone to be exploited for cash.
“This opening will almost certainly be used for malicious purposes, it’s simple to install and collect this information,” said Christo Wilson, the other computer science professor on the research team.
“And what’s most disturbing is that this occurs with no notifications to or permission by users.
“In the case we caught, the information sent to a third party was zip codes, but it could just as easily have been credit card numbers.”
It should be noted that while the study was only conducted on Android apps, the study concluded that iOS apps were likely guilty of similar breaches.
So, how do we combat this betrayal?
Android Q teases new and improved privacy controls
While there’s no quick fix for this loophole, greater app security is a major point of emphasis in the upcoming Android Q release.
In the new edition of the popular OS, a status bar feature displays when sensitive phone permissions are in use and which apps are responsible.
Among these fresh features will be a list that displays:
- Apps by most frequently accessed permission
- Apps by most permission use
- Apps that gained recent permission access
This will be a significant upgrade over Android’s current permission screen, which is a simple series of on/off switches.
Other improvements include greater visibility on why apps need certain permissions and GPS services being actively turned off when an app is running in the background.
In theory, these updates should help users make informed decisions around which apps could be up to no good.
S3 Consortium Pty Ltd (CAR No.433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information only. Any advice is general advice only. Neither your personal objectives, financial situation nor needs have been taken into consideration. Accordingly you should consider how appropriate the advice (if any) is to those objectives, financial situation and needs, before acting on the advice.
Conflict of Interest Notice
S3 Consortium Pty Ltd does and seeks to do business with companies featured in its articles. As a result, investors should be aware that the Firm may have a conflict of interest that could affect the objectivity of this article. Investors should consider this article as only a single factor in making any investment decision. The publishers of this article also wish to disclose that they may hold this stock in their portfolios and that any decision to purchase this stock should be done so after the purchaser has made their own inquires as to the validity of any information in this article.
The information contained in this article is current at the finalised date. The information contained in this article is based on sources reasonably considered to be reliable by S3 Consortium Pty Ltd, and available in the public domain. No “insider information” is ever sourced, disclosed or used by S3 Consortium.