How Android apps are spying on you
Android users are facing a new wave of privacy and security risks targeting their personal data
Google’s Android OS has been criticised again and again for its various privacy and security concerns. Many of the recent privacy breaches have come from harmless looking apps hiding a code designed to track the user’s habits to help advertisers target them with more specific content. Apps with spyware continue to be a major risk factor and they are not limited to apps from third-party stores or websites anymore.
Using ultrasonic signals to track users
Advertisers have found a new way to track user habits using ultrasonic beacons. A study by German Technical University of Braunschweig, published on 5 May 2017, claims that advertisers and marketers are embedding high-frequency sound called ultrasonic signals in TV and web advertisements. This sound is inaudible to humans, but can be detected by apps carrying specific codes to listen to them.
The researchers found 234 apps which had a hidden code that listens for ultrasonic signals without the user’s knowledge. This allowed app developers to determine users’ identity, track location and, more importantly, their habits. So an app could track which advertisements were watched by users and for how long. This allowed advertisers to target users with more specific advertisements. There is no direct way to identify such apps but one can be careful while allowing microphone access to apps in future. You can block microphone access in Settings->Apps->App Permissions.
Apps talking to each other
A study by Virginia Polytechnic Institute, published on 4 April 2017, found Android apps can be secretly talking to each other or even sharing sensitive information about users.
The researchers examined 1,10,150 apps on Google Play Store over a period of three years and found thousands of apps leaking sensitive personal information by allowing unauthorised apps access to restricted data. In a nutshell, an app which has permissions to access sensitive information was sharing them with apps which have been denied those permissions by the user.
According to software security company McAfee, users should avoid apps with embedded advertising. Excessive ads can be an indicator of the presence of multiple ad libraries, which ups the possibility of collusion. Using anti-virus apps and running regular scans can also help to identify such apps.
Spyware on Play Store
Mobile spyware is a form of malware hidden in an app. It is mostly spread through apps downloaded from unverified app stores and websites. However, there have been a few reported cases of spywares being found on apps on the Google Play Store. For example, a spyware called SMSVova, which was spying on users’ location, was downloaded over 1 million times as an update to an app called System Update through the Google Play Store. It was finally removed by Google after a security company ZScaler reported it in April 2017. A spyware piggybacks on an app and quietly gathers and relays personal information stored in the infected smartphone to the hacker. Users can avoid spywares by simply installing an anti-virus app on their smartphone.
Improper adoption of open ports
A University of Michigan study, published on 8 May 2017, has found that mobile apps such as WiFi File Transfer which use open ports to allow data sharing between a smartphone and a PC are putting user data at risk. Open port refers to a communication protocol used to connect devices on the same Wi-Fi network. These open ports could be exploited to intercept personal information on the user’s device by hackers. The researchers examined 24,000 mobile apps and found poor implementation of open port in these apps. Users can protect their data by using a firewall on the home router they are using.