[ISN] Study Shows Some Android Apps Leak User Data Without Clear Notifications

From: InfoSec News <alerts_at_private>
Date: Fri, 1 Oct 2010 01:52:06 -0500 (CDT)
http://www.wired.com/gadgetlab/2010/09/data-collection-android/

By Priya Ganapati  
Gadget Lab
Wired.com
September 30, 2010

Something as simple as changing your Android phone’s wallpaper or 
downloading a ringtone could transmit personal data about you, including 
your location, without your knowledge.

Sound farfetched? It’s not: About 15 of 30 randomly selected, popular, 
free Android apps sent sent users’ private information to remote 
advertising servers and two-thirds of the apps handled data in ambiguous 
ways, say researchers.

The researchers at Duke, Intel Labs and Penn State University, created a 
tool called TaintDroid that identifies apps transmitting private data to 
distant locations. TaintDroid monitors how applications access and use 
your location, microphone, camera, phone numbers in your contact list. 
The tool also provides feedback once an app is newly installed, letting 
you know if the app is transmitting data.

“This automatic feedback gives users greater insight into what their 
mobile applications are doing and could help users decide whether they 
should consider uninstalling an app,” says Peter Gilbert, a graduate 
student in computer science at Duke University who’s working on the 
project. The TaintDroid program isn’t publicly available yet.

[...]


_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
Received on Thu Sep 30 2010 - 23:52:06 PDT

This archive was generated by hypermail 2.2.0 : Thu Sep 30 2010 - 23:55:22 PDT