A recent test of prototype security code for Android phones found that 15 of 30 free Android Market applications sent users' private information to remote advertising servers, without the users being aware of what was being sent or to whom. In some cases, the user's location data was sent as often as every 30 seconds.
The software, called TaintDroid, was designed to uncover how user-permitted applications actually access and use private or sensitive data, including location, phone numbers and even SIM card identifiers, and to notify users within seconds. The findings suggest that Android, and other phone operating systems, need to do more to monitor what third-party applications are doing under the covers of smartphones.
TaintDroid is a joint effort by Peter Gilbert and Landon Cox from Duke University, Jaeyeon Jung, Byung-Gon Chun and Anmol Sheth of Intel Labs and William Enck and Patrick McDaniel of Penn State University. The team's paper, "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones" is online and is being presented next week at the USENIX Symposium on Operating Systems Design and Implementation (OSDI).
Smartphone apps can combine data from remote cloud services with data pulled from the phone and its sensors, such as GPS receiver, camera, accelerometer and microphone. And there are legitimate reasons for applications to access a range of user privacy data.
But today, Android and other mobile operating systems offer only basic controls: users can allow or not allow an application to access such information. But they can't control how that data is subsequently used by the application. The online Android Market passed the 50,000 apps milestone last April.
"For example, if a user allows an application to access her location information, she has no way of knowing if the application will send her location to a location-based service, to advertisers, to the application developer, or to any other entity," the authors note. "As a result, users must blindly trust that applications will properly handle their private data. This lack of transparency forces users to blindly trust that applications will properly handle private data."
A controversial study released in June 2010 by smartphone security vendor SMobile (just acquired by Juniper) said that 20% of Android applications were seeking access to sensitive data. The report was trumpeted in an barrage of scare headlines implying the applications therefore were unsafe. Many Android developers noted that users explicitly grant permission to these applications, and access to such data is often necessary.