One out of Three Free Android Apps Accesses and Uploads Your Private and Sensitive Data

04/03/2013 05:05 pm ET | Updated Jun 03, 2013

What if a stranger asked to see your phone so he could search through your inbox, photos, calendar entries and contact list? You'd likely be offended at the idea.

But what if the stranger offered you a free video game? Millions of smartphone owners worldwide have said yes.

About one in three smartphone apps accesses and uploads the private data you store on your phone. Your privacy is at stake, and the risk of being profiled rises with every app you download.

Privacy boundaries are becoming ever more blurry as developers incorporate ethically dubious adware that collects personal and sensitive information about you. Some 32.62 percent of apps upload information such as your phone number, location, and email address to third-party companies, without specifically letting you know. One in three free Android apps requests and broadcasts your sensitive personal data, without even telling you why.

Marketing companies pay big bucks for complete user profiles - with data ranging from what you browse to where you eat lunch - so they can sell you stuff by targeting you with personalized ads. Sounds farfetched, but have you noticed that each time you browse, ads seem to know what you were interested in days back?

By analyzing 130K free Android apps from Google Play, we found that 12.87 percent of them upload your phone number to a third party. This would be a good time to start asking yourself why you have been getting text messages with offers of cheap tickets to the Knicks game.

The precise coordinates of every place you've been while carrying your phone have been uploaded to an unknown server. Our study shows that 12.03 percent of the apps we analyzed did it. Imagine visiting new places during your holidays - say, a new country - or going on a business trip and having all your on-device ads switch language on you. This is already typical behavior, but at least now you know why. How comfortable are you with having "Sauron's Eye" watching your every move?

If you are not scared that apps come packed with virulent adware to grab your personal data and track your movement, what if they could also access your browsing history? Some 17.3 percent of all analyzed apps ask for permission to read your contacts, access your browsing history, and access your photos.

It may not sound like such a big deal, but if you're using your device for both personal and work activities, imagine doing some work research at home. Would it be hard for someone to figure out details of your next work project if they could follow your browsing and search patterns? Probably not. Virulent adware could prove a potent tool for corporate espionage.

Not to mention that if you have your co-workers' contacts on your device, a third party might use the data to get an overview of top management and efficiently target them with credible, malicious spam messages. This somewhat paranoid scenario does seem unlikely, but considering that such data is actually being collected, it's not such a leap of the imagination to think that it's being filtered, processed, and aggregated into a complete and highly accurate user profile.

Creating a virtual alter ego of an individual is the Holy Grail of marketers and cyber criminals alike. Considering all the information needed is on your phone, being a bit cautious is a good thing.

The fine line between aggressive adware and cold-blooded malware is getting shadier. If malware collects passwords and credentials, aggressive adware seems to collect everything else from you. Drawing the line between malware and aggressive adware is becoming a challenging task, and users risk losing more than they think.

Of course, you could always go ahead and install a mobile security solution that can spot malware and aggressive adware at a distance. Checking which permissions you grant to apps is also wise, as most apps don't really need all of them to function properly, and you might end up giving too much for too little.
