A substantial portion of Google Android apps send users’ personal information to advertisers, says a new study conducted by researchers from Intel Labs, Pennsylvania State University and Duke University.
Those researchers developed a “systemwide dynamic taint tracking and analysis system” called TaintDroid to monitor 30 popular third-party Android applications. According to their research paper, due to appear at the 9th USENIX Symposium on Operating Systems Design and Implementation, around 20 of those applications produced 68 instances “of potential misuse of users’ private information.”
Some 15 apps reportedly siphoned users’ location data to “remote advertising servers.” The researchers used a Google Nexus One running Android 2.1, modified for their TaintDroid program.
News of the study leapt across the blogosphere Sept. 30, igniting privacy concerns. In response, Google shifted into damage-control mode.
“Of all computing devices, desktop or mobile, users necessarily entrust at least some of their information to the developer of the application,” wrote a Google spokesperson in a Sept. 30 e-mail to eWEEK. “Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer.”
Google provides developers with “best practices” about how to handle user data, the Google spokesperson added. “When installing an application from Android Market, users see a screen that explains clearly what information the application has permission to access, such as a user’s location or contacts,” the e-mail continued. “Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time.”
Any third-party code included in an application, the spokesperson concluded, “is bound by these same permissions.”
Across the Web, some bloggers and commenters pointed out how issues of privacy and information tracking aren’t necessarily limited to Google’s smartphone operating system; however, given that the study focused only on Android, much of the initial chatter cast the problem as an Android-specific one. A third-party test of Apple iOS 4, for example, could potentially offer similar results.
Issues over Android’s privacy and security have dominated enterprise discussions over the past few months, as the operating system gains increased market share traction within businesses. Of course, consumers have their own concerns as well-ones likely to increase as Android and other smartphone operating systems become more ubiquitous.