Are Android apps sharing sensitive data with advertisers?

1 Oct 2010

A study of 30 of the top 400 Android smartphone applications by Intel Labs, Penn State and Duke University, has found that half of these share location information and unique identifiers with advertisers.

The team of researchers say that app creators must provide consumers with more information of what will be done with the data that is gathered.

The researchers found that when installed, these Android apps ask for permission to access location, camera and audio data.

An extension to the Android operating system created by the team called TaintDroid found that 15 of the apps sent location information to advertisers but did not tell the smartphone user that the data was being shared.

As well as this, some of the apps gathered and dispatched location information even when the app was not running. Some sent updates every 30 seconds.

Unique identifiers going to advertising servers

The TaintDroid system found that the unique IMEI number on devices, which uniquely identifies a specific mobile phone and is used to prevent a stolen handset from accessing the cellular network, was transmitted to advertisers via at least nine applications.

Half of the studied applications exposed location data to third-party advertisement servers without requiring implicit or explicit user consent.

“Our study revealed that two-thirds of the applications in our study exhibit suspicious handling of sensitive data, and that 15 of the 30 applications reported users’ locations to remote advertising servers,” the team said in its report.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years