Skip to main content

Over 1,000 Android apps are collecting user data without permission

When you grant an app permission to access certain data, you probably expect that denying access means that the app simply can’t access the data. Turns out, that may not be altogether true. According to a new report, over 1,000 apps have found ways to bypass those restrictions, essentially allowing them to gather data without the user knowing.

The academic study, which was published on the FTC website, shows that 1,325 of the 88,000 apps that were studied collected such information as geolocation data and phone identifiers, even if the apps weren’t given the permission to do so. There are some pretty popular apps on the list, too — including the Shutterfly app. Baidu was also collecting data through its mapping service — meaning that apps like the Hong Kong Disneyland app, which use Baidu’s mapping service, have been collecting data without permission. Other apps like the Samsung Health and Samsung Browser app also used Baidu back-end and collected data, resulting in other Baidu apps being able to read that data.

Related Videos

Shutterfly, for its part, denies any wrongdoing.

“Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions, all in accordance with Shutterfly’s privacy policy as well as the Android developer agreement,” said the company in a statement to CNET.

Some apps used more nefarious methods than others. For example, around 13 of the apps researched piggybacked off of other apps to get access to user data. These apps, which were installed over 17 million times, could read through files that were unprotected, and included the Hong Kong Disneyland app.

So what can be done to prevent these apps from collecting this data? Considering the fact that permissions are supposed to be how we control what data apps can collect, not much. The researchers in the report note that they’ve alerted Google to the issue and that Google has said that it should be fixed in Android Q, which is set to be released later this year. Even with such a fix, there are a ton of phones that won’t get access to Android Q, leaving users vulnerable to having their data collected without their permission. Apart from the fact that the apps in question shouldn’t be collecting data like this, Google should also upgrade how permissions work for all users, even those with older handsets.

Editors' Recommendations

Google adds more iMessage features to Android’s Messages app
Google Pixel 6 Pro wallpaper.

Google is upgrading Android's default messages app with support for iMessage reactions and enhanced media sharing as it tries to lure over customers from Apple's iPhones over to Pixels and other Android phones. The new updates are rolling out this week to the U.S. and some worldwide countries.

The biggest change Google is bringing here is support for iMessage reactions, or tapbacks. While Google supports reactions between Android phones, and iPhones support reactions between iPhones, this is the first time both are being cross-compatible -- kind of. iPhone users will now have their tapbacks converted to emoji on Android phones, but Android users will still remain unable to send reactions to iPhones. This does mean an end to "Laughed at," style messages, for Android users at least.

Read more
Google faces legal trouble over Android data collection
Location tracking on Android and iOS

The Washington D.C. Attorney General is suing Google over its supposedly deceptive location permissions policies. The lawsuit, partially instigated by a 2018 Associated Press story, claims that Google is financially motivated to collect location data from Android users to bolster its advertising business and has actively obfuscated ways of hiding your location data through confusing settings and language.

"Since at least 2014, Google has deceived consumers regarding how their location is tracked and used by the Company and consumers’ ability to protect their privacy by stopping this tracking. Google leads consumers to believe that consumers are in control of whether Google collects and retains information about their location and how that information is used. In reality, consumers who use Google products cannot prevent Google from collecting, storing, and profiting from their location," the lawsuit alleged.

Read more
Apple finally makes it harder to stalk Android users with its new Tracker Detect app
Apple Airtag in different polyurethane and leather key rings and loops

Apple has announced and released a new AirTags tracker app for Android called Tracker Detect. This has been done to resolve one of the privacy issues inadvertently introduced with AirTags earlier this year -- the ability to track someone without their knowledge. Once it was installed and a scan was initiated, the app was able to highlight unknown AirTag trackers nearby, essentially revealing the location of strangers and opening the door for planting an AirTag on someone without their knowledge to keep tabs on them.

AirTags were released earlier in the year as a rival to Tile and other Bluetooth trackers. They leveraged Apple's Find My network to help users track lost items by communicating with a combination of Bluetooth and Ultra Wideband. Unlike Tile trackers, they could also be used to geolocate lost items. However, AirTags also came with an unintended consequence: They could allow people to be tracked without their knowledge by simply tagging their clothes or personal property. Apple users would be protected against it as an iPhone running iOS 15 would be able to detect that an unknown AirTag was found moving with you, but that was not an option for Android devices.

Read more