Several apps spy on screens, share content
Hyderabad: While people believe that apps are listening to their conversations to target them with advertisements, a research of about 17,260 apps reveals that this may not be entirely true. So, the next time if you speak about T-shirts and an online T-shirt sale pops up on your phone, it could be sheer coincidence or many other users are interested.
The computer science academics unit at North Eastern University said, no substantial evidence was found to prove that the apps are listening to conversations. At least 9,000 apps sought camera and microphone permissions. Researchers Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson and David Choffnes ran an experiment to study apps from Google Play, App China, Mi.com, and Anzhi.
Several apps leak content recorded from the camera and the screen over the internet, and in ways that are either unexpected given the purpose of the app. The researchers noted, “Our analysis reveals that several apps share image and video data with other parties in unexpected ways. For example, several photo editing apps process images in the cloud without explicitly mentioning the behaviour in their privacy policy.”
While apps did not listen to phone conversations, some apps record the phone’s screen and send the data out to third parties for analytics, revealed the year-long study. “Unlike the camera and audio APIs, the APIs for taking screenshots and recording video of the screen are not protected by any permission. This lack of access control is problematic, as apps can potentially record users’ screen interactions without their awareness”, they said in their study, Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications.
“It is true that there is over-provisioning of permissions when it comes to apps. Some apps which do not need the camera seek access to it. According to Arrka research, Indian apps take 3.5X times more dangerous permissions as compared to that of US apps. A more localised research may point out the flaws or stance of our apps. From the users’ point they can just revoke it from settings, it is developers and audit folks who need to be precise,” said security reseacher V. Vikrant.
H7