Tuesday, February 4, 2014

Android users, your apps are spying on your location

Lots of apps:
University researchers have developed a smartphone app to show users how often their mobile software tracks their movements.

The team from Rutgers University said that the their Android tool uses a real-time monitoring system to show exactly when an application pulls locational information and transmits it. The results, they say, were eye-opening for many users.

"Our results confirm that the Android platform’s location access disclosure method does not inform participants effectively," the team wrote. "Almost all participants pointed out that their location was accessed by several apps they would have not expected to access their location."
It's really a promiscuous use of location tracking by all sorts of apps that have no business messing with it.  Given the generally terrible security that you find in most apps, and the desire of the NSA/GCHQ/EIEIO to slurp all of that up, this is bad juju.

And yes, "bad juju" is a technical security term, similar to FUBAR.
To prove their point, the Rutgers team offered results of a campus experiment which placed users with the tracking notification software against Android users without the tool. Results of the test, they say, showed that the users with the alert tool were better informed about application tracking behaviors and were more likely to understand how individual apps were handling their data.

That the additional tools are needed to properly understand what applications are doing is an indictment of the way Android handles locational tracking, say the researchers.
They will release their app to the Google Play store in two months so you can   spy on the spys.  Quis custodiet, and all that.  Because it's good to protect your metadata.

Wonder how many apps will release an update in the next 2 months, turning off location tracking.  Bet the number is greater than zero.


Old NFO said...

Oh yeah, LOTS of updates coming... I hope (even though I don't have an Android).

deadmandance said...

The question I always wonder is if there is there any reason to believe an app just because it says it isn't tracking your location.

Rick C said...

I assume that if it asks for the permission, it is going to use it.

A game I really like, Triple Town, recently updated to add in location tracking "because their new ad network requires it." So now every week I get a nag from the Play Store telling me the app needs updating. Well, it may, but I don't.

Joseph said...

At the risk of raising ire: I note your list of tags for this post. May I suggest you add a new one - "IT god complex"?

Sadly, I fear that some of this comes from pure hubris, along with a dash (or five) of the unfortunate inclination towards the mindset of a petty tyrant that I've seen in some really smart IT-savvy people. They pull stunts like putting location tracking in an app that in no way needs it simply because they can, and they don't think the average user is smart enough to catch them in it, much less call them on it.

Of course, in this day and age, the various tentacles of the .gov are happy to reap the snooping benefit of such arrogance.

And of course, I'm not even remotely suggesting that some of the apps have this built in at the suggestion of that .gov. "Suggestion" as in, "Nice app you got here. Be a shame if something happened to it..."