hundreds of images, all of the contacts, the access to the account: On our Smartphones, we can manage almost our entire life. It is chock full of private data. Therefore, we should be particularly sensitized to it, what Apps we allow access to this information and what is not. Now, however, researchers demonstrated, in the context of the PrivacyCon 2019, the App makers have always found ways, the built-in security measures of Android, undercutting the Smartphones. Some applications were even able to collect data, if we have exactly the forbidden.
the Tricks of The advertising industry
researchers at the International Computer Science Institute (ICSI) examined a total of 88.113 Android Apps from the Google Play Store, whether and how the Apps transferred under the said permissions data. The result is shocking: More than 1000 Apps collected personal data, although this was, in fact, prohibited. The manufacturer took advantage of some Tricks: Some of the applications were given via a detour pirated the MAC address of the smartphone or router, whereby the device can be unambiguously identified. So the advertising industry can keep track of all the activities of the user across multiple devices.
Apple CEO Tim Cook: “If you have built a chaos factory, you have to take the responsibility for it,” Christoph Fröhlich
Also tricky: 70 of the examined Apps the movements of the user to capture, even though you have permissions no access to the Site. For this you use the on the device-stored photos and evaluate the hidden EXIF data, which, among other things, the exact location can be tracked to where the picture was taken. These data are then transmitted to the Server. What happens there with the data, you can’t understand.
Controversial App-heavyweights
It is in the Apps not niche applications. Some reported more than five million Downloads, about the photo editing App Shutterfly. A spokeswoman for the company said that it would collect data only with the consent of the user, even if the results of the researchers show the opposite.
The provider of free applications that want to hoard a lot of data, to be able to earn more money. Because often the ads are advertising, the primary source of income, these can be customized with personal information such as the location of individual users.
the report of the week star exclusive To visit in Apple’s Secret lab Of Christoph Fröhlich
according to The researchers, are some of the Android Apps will be able to each other sensitive data to exchange, although this is for the users on the first glance it is not obvious – for example, the Disneyland Park App from Hong Kong and Samsung’s Health App, which on more than 500 million devices installed. Both Apps are based on the same developer modular the Chinese provider Baidu. Thus, it is theoretically possible, that allows a legitimate App to access private data, but also other gain access to.
A full list of more than 1,300 Apps to publish to the researchers in August at the Usenix Security Conference.
solution until the autumn in view
the results of The researchers show that the Android permission system in its present Form is largely useless. Google was made according to the researchers, already in September 2018 on the weaknesses. The group had given to the gaps with the next Version of the operating system Android Q close. This is currently in a test phase and is expected to be provided in the autumn for Download.
To the majority of users arrives, is likely to take many years. The soon to be a year old Android 9 Pie is currently installed on just 18,61 percent of the devices. The previous System Oreo runs on 18,06 per cent of the Smartphones and Tablets. Thus, only about a third of the world’s Android users are using a Version of the last one and a half years.
For comparison: The third most popular Android Version is 6.0 Marshmallow. The Version was presented in October 2015, and is therefore hopelessly out of date.
read more on the subject of privacy:
network activist Katharina Nocun: “on the Basis of some data can even be used to detect whether and with whom one has an affair”
an expert on privacy: “I ask myself constantly, why people get involved it was all”
Apple’s Software chief Craig Federighi in an Interview: “We have no interest in everything about you find out”
the Hamburg data protection officer Johannes Caspar: “Facebook is the water apparently up to the neck”
sources: The study for future Reference, Cnet, Statcounter
