Worried your Android apps are spying on you? You should be, according to a recent study that found several popular Android apps regularly share your location and critical phone data such as your phone number with advertisers and others. Researchers from Intel Labs, Penn State and Duke University randomly selected 30 out of 358 popular apps from the Android Market for this study. The computer scientists were able to track each application's behaviour using a special monitoring program called TaintDroid developed by the researchers.
Here's a breakdown of the researcher's findings:
- 15 popular Android apps sent location information to advertisers without requiring user consent
- 9 apps transmitted a user's International Mobile Equipment Identity number, a unique device identifier
- 7 out of those 9 apps did not mention IMEI collection in their End User Licence Agreements including one unnamed popular social networking app and one unnamed location-based search application
- 2 applications transmitted a user's phone number and ICC-ID, a SIM card's serial number, both of which are unique identifiers
While those findings may sound scary, the good news is I've got 7 tips for you to keep prying eyes off your Android smartphone or your iPhone.
Check your permissions
You can find a list of what your apps are doing by visiting the Android Market via your mobile device. Go to menu>downloads to see a list of the apps you've downloaded. Then select the app you want to check up on and go to menu>security. This will give you a list of all the information on your device that your application can access. This won't tell you what those apps are doing with that information, but at least you can get rid of any applications that want access to information you're not comfortable sharing with it.
Note that some of Android's sharing and permissions information is a little hard to understand. Many apps, for example, say they have "full Internet access," but the Market doesn't explain what that means. Android's developer documentation isn't much help either, but it appears "full Internet access" means an app has unfettered access to send and receive data.
Check your location
If you're an iPhone user, you don't have the same wide array of permissions you can access through your phone. You can, however, check to see which of your apps are using location information. On your phone navigate to Settings>General>Location Services. This will show you a list of all the apps on your phone that use location information, and ones that have accessed your location in the past 24 hours are marked with an arrow. You can also deny any application access to your location information from this list.
Check those comments
Google relies on community policing to keep the Android Market safe, so make sure you take advantage of each application's comments section. Look for complaints about how an app functions or problems with your specific device. Also, make sure you read a little deeper than just the first few comments at the top.
iPhone users are unlikely to find complaints about malware or other dirty deeds in the comments. Nevertheless, comments are still an important source to find out what others think about the quality of a particular app.
Just as important as checking comments is to share your own thoughts about apps you've used. If you've been scammed by a peculiar app, make sure you share your horror story with others.