Breaking News

ASUSTOR 30 TB Ironwolf Pro Now Officially Supported ASUS Announces ExpertCenter P500 SFF Lexar Launches the NM990 PCIe 5.0 SSD DJI Agras T100, T70P and T25P Launches Globally Sony Introduces the RX1R III

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Preinstalled Android Apps are Sharing Your Data to Advertisers

Preinstalled Android Apps are Sharing Your Data to Advertisers

Smartphones Mar 28,2019 0

A research conducted by the researchers at IMDEA Networks Institute, Stony Brook University, Universidad Carlos III de Madrid, and ICSI, found that the pre-installed apps often send your personal data back to advertisers.

Most new Android smartphones come with bloatware preinstalled that could do far more than simply chew up your storage. The security researchers scanned the firmware of more than 2,700 consenting Android users around the world, creating a dataset of 82,501 pre-installed Android apps.

Many of these apps spied on their users, according to the research paper, accessing highly personal information. The researchers said:

"According to our flow analysis, these results give the impression that personal data collection and dissemination (regardless of the purpose or consent) is not only pervasive but also comes pre-installed."

Not only did preinstalled applications harvest geolocation information, personal email, phone call metadata and contacts, but some of them even monitored which applications users installed and opened. In many cases, personal information was funneled straight back to advertising companies.

Many of these preinstalled apps gather and communicate information using custom permissions, granted by the smartphone vendor or mobile network operator, which enabled them to perform actions that regular applications cannot.

Examples included preinstalled Facebook packages, some of which were unavailable on the regular Google Play store. These automatically downloaded other Facebook software such as Instagram, the researchers said. They also found Chinese applications exposing Baidu’s geolocation information, which could be used to locate users without their permission.

The researcher’s analysis suggests that many of these apps may be using custom permissions like these to harvest and exchange information as part of pre-defined data exchange agreements between companies.

"These actors have privileged access to system resources through their presence in pre-installed apps and embedded third-party libraries. Potential partnerships and deals – made behind closed doors between stakeholders – may have made user data a commodity before users purchase their devices or decide to install software of their own."

The paper singled out the people doing digital deals behind your back as smartphone vendors, mobile network operators, analytics services and online services companies.

The researchers also found malware libraries embedded in some preinstalled software. One such library, called Rootnik, has the ability to gain root access to a device, leak personally identifiable information, and install additional apps. The researchers added:

"According to existing AV reports, the range of behaviors that such samples exhibit encompass banking fraud, sending SMS to premium numbers or subscribing to services, silently installing additional apps, visiting links, and showing ads."

Google allows third-party companies to package and preinstall applications that they see fit onto their own versions of Android. In many cases that process is far from transparent, the paper warned.

The second problem is that many of the apps that make it through this process are self-signed. Mobile applications are supposed to prove their legitimacy by using digital certificates, but many developers simply create their own.

Some of these apps also use third-party libraries which may contain their own security or privacy issues. By granting custom permissions to an app, a smartphone vendor is also granting the same permissions to the third party library that is piggybacking on it.

Tags: androidprivacy
Previous Post
ECG App and Irregular Rhythm Notification on Apple Watch Available Across Europe and Hong Kong
Next Post
Office Depot to Pay $35 Million to Settle FTC Allegations That it Deceived PC Users

Related Posts

  • What’s new in Android 15, plus more updates

  • Connecting all things Android at MWC Barcelona

  • New features for businesses in Android 13

  • Lucky number Android 13: The latest features and updates

  • What’s beta than Android 13?

  • HLDS UD Station DVDRW (Preview)

  • EU Privacy Watchdog Accused of Delaying Probe Procedures Against Facebook

  • Facebook Users Accept $550 Million Privacy Deal Over Facebook's “Tag Suggestions”

Latest News

ASUSTOR 30 TB Ironwolf Pro Now Officially Supported
Enterprise & IT

ASUSTOR 30 TB Ironwolf Pro Now Officially Supported

ASUS Announces ExpertCenter P500 SFF
Enterprise & IT

ASUS Announces ExpertCenter P500 SFF

Lexar Launches the NM990 PCIe 5.0 SSD
PC components

Lexar Launches the NM990 PCIe 5.0 SSD

DJI Agras T100, T70P and T25P Launches Globally
Drones

DJI Agras T100, T70P and T25P Launches Globally

Sony Introduces the RX1R III
Cameras

Sony Introduces the RX1R III

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Crucial T705 2TB NVME White

Crucial T705 2TB NVME White

be quiet! Pure Base 501

be quiet! Pure Base 501

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed