1000+ Android apps ignore permissions and harvest data anyway

and if anyone/thing would get miffed over “losing out on that data for (only) its own use” it will be the goog and androidQ will “fix” this nasty leak from its treasure trove, securing all your base (within 10m of phone sensors) under the goog’s protective overwatch…

Quis custodiet ipsos custodes?

1 Like

“Nice” that people will likely have to buy new phones to get the security fix. I wonder whether I will receive Android Q as I just got Android P and the Android One promise is the latest Android for two years and security patches for a year more, but most Androids are outdated the moment they are bought. Not that iPhone Apple is much better as they don’t say anywhere publicly how long their phones will be supported.

I wonder if the list of these 1000+ apps is available somewhere, there are so many that probably everyone recognises and has some of them installed, especially while using Google Play Services.

my filters kept hyperlinks in article from showing as such, sounds like the best we’ll get will be from https://www.ftc.gov/news-events/audio-video/video/privacycon-2019-part-2 (I didn’t watch the video, but followed link: https://www.ftc.gov/news-events/events-calendar/privacycon-2019 to find this nugget under event materials: https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf)

and bottom of original (cnet) article suggests more to be revealed next month:

Egelman said he will be releasing details with a list of the 1,325 apps the researchers discovered when he presents the study at the Usenix Security conference in August.

The specific event in Usenix Security conference calendar: https://www.usenix.org/conference/usenixsecurity19/presentation/reardon

1 Like

@Mikaela dug a bit more and in the linked above PDF references:
[8] AppCensus Inc. Apps using Side and Covert Channels. https://appcensus.mobi/usenix2019, 2019.

which gives me 404, but look around that site (about and tested apps) and blog and see Reardon and Egelman contributing to blog (and papers referenced in the website about) so do imagine the usenix2019 link will either flesh out for the conference in August or they took it down to avoid legal harassment from pissed off exposed app asshats.

good blog post about related, ignoring play store Advertisement ID mandate to not transmit it with any other identifier…

another real good resource is the exodus app and website. I do believe a contributor behind this project is active in matrixlandia that tried to reason with me when I was up at arms over riot-web app being the 3 tracker laden librem1 chat borg-mother (blamed/shirking responsibility by purism guys for trackers in their riot rebranded app)