Researchers create Android app that shows when other apps track you
App shows users when other apps are accessing their location
IDG News Service - A team of researchers has developed an Android app to help people better understand when their location is being accessed, something that happens more often than people think.
"All apps that access location need to request permission from the Android platform," Janne Lindqvist [cq], who led the research project, said via email. "The problem is that people don't pay attention to these default disclosures."
Android phones display a flashing GPS icon when apps are trying to access the user's location. But few people notice or understand what the icon is telling them, the researchers found.
The app they developed is designed to fix that, by making it clearer to users when other apps are accessing their location data. They tried several methods, including a message that flashes on the device's screen reading, "Your location is being accessed by [app name]."
There's no obvious way in Android for an app to monitor whether other apps are accessing location, the researchers said, but they discovered they could exploit a method in the Android Location API as "an effective side channel."
They're are in the process of readying their app for the Play Store. It doesn't have an official name yet, but the working title is the RutgersPrivacyApp. "I'm happy to hear suggestions for a better one," Lindqvist said.
They tested the app with a small group at Rutgers University in New Jersey. They said it was the first study to examine how people respond when apps tell them they're being tracked.
The issue of apps collecting data isn't new, and recent disclosures about government surveillance have shown that intelligence agencies might also be tracking data from apps. A recent report said mobile versions of Facebook, LinkedIn and Twitter were of interest to government spies.
Other research from Carnegie Mellon University in Pennsylvania has shown that seemingly harmless apps like Angry Birds and Dictionary.com have gathered some surprising types of information about their users, like their location and device ID.
At Rugers, the researchers wanted to learn how disclosures about location affected users' attitudes towards apps. They tested the app on several Android devices, using a variety of apps including Firefox and Tunein Radio.
Participants said they were surprised at some of the apps that accessed their location, and that some apps accessed their location more frequently than they would have expected.
Lindqvist hopes to make Android users more aware of location tracking so they can make better decisions about their privacy. He would also like Google to provide better privacy controls and notices in Android.
He said he focussed on Android rather than Apple's iOS partly because the process of publishing an app in the Google Play Store is simpler, he said.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts