Unintentional Information Share? An Android Cautionary Tale

Posted by

When it comes to mobile security and user privacy, Android apps may be falling down on the job.  This is according to recent research published by Pennsylvania University and North Carolina State University.

In their research, the two schools took a look at the top 1100 free Android application available via Android Market.  While they did not find anything purposefully malicious (malware), they did find a large number of the programs that relied upon unique identifiers such as the cell phone’s IMEI which, in turn, provides a traceable link to the user.  Some of these applications used these unique identifiers without permission of the user.

The study of what happens behind the scenes when we use a cell phone or smartphone has become a focal point for a lot of different research organizations and groups.

“I think people are starting to become more aware of this, but I don’t think there is widespread understanding of what the implications are,” said William Enck, North Carolina State University assistant professor and contributing author.

Of the research, Lee Tien, an attorney at Electronic Frontier Foundation said, “The paper really expands our understanding of what applications under Android really are doing […] and what they are doing with our data.”

Those conducting the research said that their findings should be considered an initial study rather than a “final word” regarding the security of Android applications.  They note that while the study does show what the apps are capable of, it does not necessarily mean that the apps apply that functionality in practical applications.