Personal information about you and your smartphone is valuable to certain companies. Big Data, as it is so frequently called, can be anything from application usage patterns, location data, websites visited and many things in between. Google has been aware that developers of software such as Flashlight applications in the Play Store were taking your location data and selling it to 3rd-party companies. They have combated this with the introduction of granular permissions, but not all applications use them.
Independent researchers are able to spot when a single application is taking your data and sending it off to a certain server. This has been done time and time again to catch malicious applications but it looks like some are starting to make this more complicated to spot. Instead of having data sent to an outside server, some researchers from Virginia Tech have noticed multiple pairs of applications are colluding to extract sensitive data from your phone and sharing it with the other.
A good example of this would be one application you have installed that you specifically forbid to have access to your location data. Then you have another application that you installed which you feel permission to access your location data was warranted. It seems these researchers have discovered many pairs of applications like this where one with such access is sharing its information with another that you have installed on your device.
The study they published last week showed proof that over 20,000 application pairings were leaking sensitive data from one to another. The system these researchers used has been dubbed DIALDroid, and they discovered 23,500 application pairs that leak data from 100,206 of the most downloaded Android applications. The applications seem to be set up in a sender/receiver type of fashion and the researchers discovered there were only 33 "senders" in the study they published.
Via: The Atlantic Source: Virginia Tech (PDF)
from xda-developers http://ift.tt/2p8qqS5
via IFTTT
No comments:
Post a Comment