Skip to main content
  1. Home
  2. Mobile
  3. News

Over 1,000 Android apps are collecting user data without permission

By

When you grant an app permission to access certain data, you probably expect that denying access means that the app simply can’t access the data. Turns out, that may not be altogether true. According to a new report, over 1,000 apps have found ways to bypass those restrictions, essentially allowing them to gather data without the user knowing.

The academic study, which was published on the FTC website, shows that 1,325 of the 88,000 apps that were studied collected such information as geolocation data and phone identifiers, even if the apps weren’t given the permission to do so. There are some pretty popular apps on the list, too — including the Shutterfly app. Baidu was also collecting data through its mapping service — meaning that apps like the Hong Kong Disneyland app, which use Baidu’s mapping service, have been collecting data without permission. Other apps like the Samsung Health and Samsung Browser app also used Baidu back-end and collected data, resulting in other Baidu apps being able to read that data.

Shutterfly, for its part, denies any wrongdoing.

Recommended Videos

“Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions, all in accordance with Shutterfly’s privacy policy as well as the Android developer agreement,” said the company in a statement to CNET.

Some apps used more nefarious methods than others. For example, around 13 of the apps researched piggybacked off of other apps to get access to user data. These apps, which were installed over 17 million times, could read through files that were unprotected, and included the Hong Kong Disneyland app.

So what can be done to prevent these apps from collecting this data? Considering the fact that permissions are supposed to be how we control what data apps can collect, not much. The researchers in the report note that they’ve alerted Google to the issue and that Google has said that it should be fixed in Android Q, which is set to be released later this year. Even with such a fix, there are a ton of phones that won’t get access to Android Q, leaving users vulnerable to having their data collected without their permission. Apart from the fact that the apps in question shouldn’t be collecting data like this, Google should also upgrade how permissions work for all users, even those with older handsets.

Editors' Recommendations

Topics
Christian de Looper
Christian de Looper
Contributor
Christian’s interest in technology began as a child in Australia, when he stumbled upon a computer at a garage sale that he…
Google wants you to know Android apps aren’t just for phones anymore
Person holding Samsung Galaxy smartphone showing Google Play Store.

When most people think of the Google Play Store, the first thing that comes to mind is smartphones. However, the spread of the Android ecosystem is far broader than that, and Google is taking steps to increase awareness of this and make it easier for folks to find apps on the Play Store for their smart TVs, watches, and even cars.

In a blog post today, the Google Play team announced three significant changes that should make it easier for Android fans to discover apps for all their devices, right from their phone. This includes recommendations of apps for non-phone devices, a search filter to focus on only games optimized for non-phone devices, and even a remote install feature that will let you deliver those apps to your Android TV, Wear OS watch, or Android Automotive-equipped car.

Read more
Google Drive, Docs, and other apps are getting way better on Android tablets
new workspace updates for android tablets.

Google is bringing the desktop experience for its core Workspace apps to Android tablets, adding some much-needed productivity flair. The changes, which come in the wake of announcements made at I/O earlier this year, are targeted at improving the split-screen multitasking experience after laying down the foundations with Android 12L.

The first and most important change is the ability to drag and drop images from an app running in one window to another app running side by side in a second window. Google says the Chrome browser and Workspace apps like Sheets will support the drag-and-drop trick for Docs and spreadsheet cells, among other services.

Read more
Google Play Store now offers third-party app payments, but only for some users
The Google Play store icon on an Android phone.

Google will now open up its Play Store as a result of the European Union's Digital Markets Act, the company announced today. Now, any developers distributing apps or games in Europe (the European Economic Area, to be precise) will be able to sidestep the Google Play billing system with no penalty. The change comes after a similar push in South Korea.

"As of today, Google will not remove or reject updates of non-gaming apps from participating developers for offering alternative billing systems for EEA users. Google Play’s billing system will continue to be required for apps and games distributed via Play to users outside the EEA and for games distributed to users within the EEA. We expect to expand billing alternatives to developers of gaming apps for their users in the EEA, in advance of the DMA's effective date," Google's Estelle Werth, director of EU Government Affairs and Public Policy, said in a blog post.

Read more