The International Computer Science Institute has discovered over 1300 apps that collect data on users without having permission: what are they
When we install u app on our Android smartphone we think we have control over the data it can collect: in theory we just need to deny it permissions to access our files, camera, microphone and so on. But in practice, that's not always the case: the International Computer Science Institute (ICSI) has uncovered 1,325 apps that bypass the user's "No" sign and collect data without our permission.
How do they do it? They track our Wi-Fi connection, or read the metadata of the photos (from the GPS tag it is possible to know where the photo was taken, and understand where the user is) and cross this data with the IMEI code of the smartphone to create a profile not of the user, but of the device. Which, however, is really pretty much the same thing. These one thousand three hundred applications have been found by ICSI within 88 thousand apps analyzed in total, all present on the Google Play Store. A mammoth research, which highlights how developers very often do what they want, even if the user tries to deny him access to his personal data.
Which are the spy apps
The complete list of the 1,325 apps that collect data without the user's okay has not yet been made public: it will be unveiled at the Usenix Security Symposium 2019 to be held August 14-16 in Santa Clara, California. According to ICSI, however, there are several apps (installed on half a billion devices) that pull a trick: they don't collect data directly, but through a second app to which access to the data had previously been granted by the user. Among them are Samsung Health and the app developed by Baidu for the Disneyland park in Hong Kong.
Waiting for Android Q
As always, the finger is pointed at Google, which despite having a strict policy for publishing on the Play Store, in the end lets almost any app be downloaded and installed by the user. It's certainly not easy for Big G to keep under control the huge catalog of apps on the Play Store, so much so that Google has long since decided to solve the problem by acting directly on the Android operating system. With Android Q, coming in August, the information collected by these apps will be screened and inaccessible. In theory (and hopefully in practice this time), cases like the ones discovered by ICSI should gradually become a distant memory.