Researchers have found more than 1,000 Android apps that skirt around data protection restrictions that ‘protect’ consumer privacy, collecting data even when users deny permission to the app to access their information.
“If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless,” said Serge Egelman, director of usable security and privacy research at UC Berkeley’s International Computer Science Institute, which produced the research.
The findings were presented at PrivacyCon, a conference hosted by the US Federal Trade Commission in late June.
“If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless,” said Serge Egelman, director of usable security and privacy research at UC Berkeley’s International Computer Science Institute, which produced the research.
The findings were presented at PrivacyCon, a conference hosted by the US Federal Trade Commission in late June.
The study’s sample contained some 88,000 apps from the Google Play store. Researchers then investigated their data transfer process after the user denied them permission to access data. They found that 1,325 of them used workarounds to circumvent the denial, in order to collect data from sources across the phone’s software.
One of the apps mentioned by name was Shutterfly, which is used for editing photos. The study found that it gathers GPS coordinates of where photos were taken and then sends the information to its own servers, regardless of whether users allowed or declined the app permission to access their location.
“Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions, all in accordance with Shutterfly’s privacy policy as well as the Android developer agreement,” a Shutterfly spokesperson said in a statement responding to the study.
One of the apps mentioned by name was Shutterfly, which is used for editing photos. The study found that it gathers GPS coordinates of where photos were taken and then sends the information to its own servers, regardless of whether users allowed or declined the app permission to access their location.
“Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions, all in accordance with Shutterfly’s privacy policy as well as the Android developer agreement,” a Shutterfly spokesperson said in a statement responding to the study.
Full report:
Comments
Post a Comment