New Delhi: Did you know your smartphone app can access the restricted data despite denying the permission?
According to a June 2019 study by International Computer Science Institute (ICSI) there are thousands of apps on Play Store which are capable of accessing restricted data even if they don’t have the permission. These apps are exploiting common SDK (software development kit) libraries embedded in the apps to communicate with another app that has been granted the permission to access the same data. These third-party libraries are often used for analytics services, social-network integration and advertising.
Most apps, be it on Android or iOS, collect user information right from the moment they sign up for them with their email, phone number or social media accounts. App developers use this data to improve the user experience or monetise them by sharing it with advertisers.
Kaspersky Labs points out users can identify apps that have been spying on them by using services like AppCensus and Exodus Privacy. The former uses dynamic analysis to study the behaviour of Android apps and can enlighten users on what personal data they are collecting and who they are sharing it with. Exodus Privacy takes it a step further by studying apps directly and looking for built-in trackers. These are designed to gather information about users which could be used to show them more personalised ads. It also examines app permissions more closely to identify apps that pose a privacy and security risk.
Researchers at Kaspersky Labs used the two apps to analyse a selfie camera app which has over 5 million downloads on the Play Store. Exodus Privacy found that the app was asking for permission to access device location. While permission to access the camera is understandable since it is selfie app, permission to access location is not strictly necessary for it to operate. Many apps do this to add geotags to photos EXIF (exchangeable image file format). Studies have showed that this is a privacy risk in itself.