Is your Android phone watching you? Study of more than 17,000 popular apps reveals ‘disturbing practice’

Researchers who set out to investigate whether smartphones eavesdrop on consumers’ conversations debunked one conspiracy theory and ended up finding another “disturbing practice.”

Five researchers from Northeastern University in Boston, who specialize in computer science, studied more than 17,000 popular Android apps — nearly half of which were allowed access to a user’s camera and microphone — over the past year.

During their study, they did not find any apps, either on Google Play, App China, Mi.com or Anzhi, that turned on microphones and secretly recorded your conversations. They did, however, discover some may be “watching” your phone activity.

“We empirically studied the behavior these apps using a combination of static and dynamic analysis techniques,” the researchers explained in an online statement.

The researchers used an automated system to test the functions and uses of each app using 10 different Android phones, according to Gizmodo. The system monitored whether these apps sent out any information to third parties — and found that they did. The study did not include Apple’s iOS operating system.

One of the phones tracked an app called GoPuff, a Seamless-like food delivery app, recording information and sending it to a site affiliated with software company Appsee.

“The research tested dozens of apps that use Appsee, and only one of them (GoPuff) did not disclose this fact to their users, and it appears that GoPuff were capturing zipcode information with Appsee. In this case it appears that Appsee’s technology was misused by the customer and that our Terms of Service were violated,” Appsee CEO Zahi Boussiba told Fox News on Thursday. “Once this issue was brought to our attention we’ve immediately disabled tracking capabilities for the mentioned app and purged all the relevant data from our servers.”

Boussiba pointed to Appsee’s Terms of Service policy, which states customers must disclose the use of any third party technology.

Google Play notes that all apps are required to “post a privacy policy that, together with any in-app disclosures, explain what user data your app collects and transmits, how it’s used, and the types of parties with whom it’s shared.”

Google confirmed a part of Appsee’s services may put some developers “at risk of violating Play policy,”and said they’re still investigating issues recently uncovered by researchers.

“We always appreciate the research community’s hard work to help improve online privacy and security practices,” a Google spokesman said in a statement to Fox News on Thursday. “We’re working closely with [Appsee] to help ensure developers appropriately communicate the SDK’s functionality with their apps’ end-users.”

But that doesn’t mean all apps follow the rules. Some apps are open about their ability to perform screen recordings, but they don’t all inform a user when their screen is being taped nor do they explain they are sending the information to another party.

“Our study reveals several alarming privacy risks in the Android app ecosystem, including apps that over-provision their media permissions and apps that share image and video data with other parties in unexpected ways, without user knowledge or consent,” the researchers said. “We also identify a previously unreported privacy risk that arises from third party libraries that record and upload screenshots and videos of the screen without informing the user. This can occur without needing any permissions from the user.”

NU researchers Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson and David Choffnes are planning to present their findings at the Privacy Enhancing Technology Symposium (PETS) in Barcelona in July.

Leave a Reply