This week another round of “Android spyware” news hit the Web, when a study by university researchers found that some Android applications were transmitting private data to advertisers, often without users’ knowledge. The team studied 30 out of the 358 most popular Android applications that allow access to the location of the users, camera and audio data and logged their conclusions using an oddly named piece of software called “TaintDroid.”
But is this news as bad as it seems? Google certainly doesn’t think so, saying this is not a problem with Android specifically, but with all software. What do you think? Let us know in ReadWriteMobile’s first weekly poll.
Android Apps Found Sharing Data
Here’s a summary of the story, in case you missed it:
Computer science researchers from Intel Labs, Penn State and Duke University studied the behavior of 30 different free applications and found that half were sending private information, including the user’s location, to remote advertising servers. Approximately one-third of the apps exposed the device ID, sometimes with the phone number and the SIM card serial number, too. (Here’s their report.)
The researchers said users lack visibility into how applications are using (and misusing) their private data and are often too blindly trusting of application developers. To show what the mobile apps were really doing, the researchers used their own creation called TaintDroid, a tool that was able to track these potential privacy violations.
This isn’t the first time news about apps that access private data, often unbeknownst to users, has appeared. Earlier, we’ve seen stories about a thievish Android wallpaper app, an Android trojan and Android spyware. In some cases, there was evil intent on the developers’ part, but in other cases, it appears to be just a misconfiguration made by an amateur developer.
Google’s Response: This is NOT an Android Issue
Google reminds us, via an email response to our request for comment, that Android users are explicitly informed what level of access an app is requesting upon installation.
More importantly, Google stresses this is not an Android-specific issue, but one that affects all software. Here’s the company’s official response:
On all computing devices, desktop or mobile, users necessarily entrust at least some of their information to the developer of the application. Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data.
When installing an application from Android Market, users see a screen that explains clearly what information the application has permission to access, such as a user’s location or contacts. Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time. Any third party code included in an application is bound by these same permissions. We consistently advise users to only install apps they trust.
The spokesperson also noted that the researchers only studied a few apps and didn’t test any from other operating systems for comparison purposes.
Your Turn: POLL
What do you think? Is the issue of Android spyware/malware/privacy violations being overblown? Or is there genuine concern that Android applications are potentially dangerous vectors for privacy violations and perhaps worse? Let us know in the poll below (and the comments!)
Image credit: Neonmonster, artist: Andrew Bell