Android app-makers careless with some data, says study

Staff writer
19 Aug 2011
00:00

A lot of the software written for Google's Android mobile phones falls short when it comes to user privacy and security, according to a new study.

The study was conducted by researchers from the Pennsylvania State University and North Carolina State University and involved the top 1,100 free applications available in the Android Market.

The study didn’t find anything malicious, but a surprising number of the programs used unique identifiers such as the phone’s IMEI (International Mobile Equipment Identity) number sometimes without obtaining permission to do so from the user.


One concern is that these unique identifiers could be linked to Android users in databases, essentially providing a stealthy way to track what mobile phone users are doing online, similar to the tracking cookies stored by Web browsers.

Unlike a tracking cookie, a mobile phone's IMEI cannot be deleted. The research follows up on work done by some of the same researchers who last year looked at 30 smartphone applications and found widespread sharing of location data and unique identifiers.

Researchers are only now beginning to put together a picture of what's going on beneath the surface with these mobile phone apps, said William Enck, an assistant professor with North Carolina State University and one of the authors of the study. “I think people are starting to become more aware of this, but I don't think there is widespread understanding of what the implications are,” he said.

Enck and his fellow scientists built a program that took the Java bytecode that runs on Android phones and then decompiled it, converting it into something that humans could more easily look at and understand. In total, the researchers analyzed 21 million lines of code. Most of this work was done by computer but the Enck’s team would often go in and manually inspect software that seemed interesting.

The researchers call their work the “initial but not final word on Android application security.”

Related content

Follow Telecom Asia Sport!
Tags:
Comments
No Comments Yet! Be the first to share what you think!
This website uses cookies
This provides customers with a personalized experience and increases the efficiency of visiting the site, allowing us to provide the most efficient service. By using the website and accepting the terms of the policy, you consent to the use of cookies in accordance with the terms of this policy.