A portion of Google Android apps feed personal data to advertisers' servers, according to a new study. However, while that study was focused on Android, that doesn't mean privacy is an issue only for Android.
A substantial portion of Google Android apps send users' personal
information to advertisers, says
a new study conducted by researchers
from Intel Labs, Pennsylvania
and Duke University.
Those researchers developed a "systemwide dynamic taint tracking and
analysis system" called TaintDroid to monitor 30 popular third-party
Android applications. According to their research paper, due to appear at the
9th USENIX Symposium on Operating Systems Design and Implementation, around 20
of those applications produced 68 instances "of potential misuse of users'
Some 15 apps reportedly siphoned users' location data to "remote
advertising servers." The researchers used a Google Nexus One running
Android 2.1, modified for their TaintDroid program.
News of the study leapt across the blogosphere Sept. 30, igniting privacy
concerns. In response, Google shifted into damage-control mode.
"Of all computing devices, desktop or mobile, users necessarily entrust
at least some of their information to the developer of the application,"
wrote a Google spokesperson in a Sept. 30 e-mail to eWEEK. "Android has
taken steps to inform users of this trust relationship and to limit the amount of
trust a user must grant to any given application developer."
Google provides developers with "best practices" about how to
handle user data, the Google spokesperson added. "When installing an
application from Android Market, users see a screen that explains clearly what
information the application has permission to access, such as a user's location
or contacts," the e-mail continued. "Users must explicitly approve
this access in order to continue with the installation, and they may uninstall
applications at any time."
Any third-party code included in an application, the spokesperson concluded,
"is bound by these same permissions."
Across the Web, some bloggers and commenters pointed out how issues of
privacy and information tracking aren't necessarily limited to Google's
smartphone operating system; however, given that the study focused only on
Android, much of the initial chatter cast the problem as an Android-specific
one. A third-party test of Apple iOS 4, for example, could potentially offer
Issues over Android's privacy and security have dominated enterprise
discussions over the past few months, as the operating system gains increased
market share traction within businesses. Of course, consumers have their own
concerns as well-ones likely to increase as Android and other smartphone
operating systems become more ubiquitous.