Researchers Find Phone Apps Sending Data Without Notification
September 30th, 2010Via: PhysOrg:
Publicly available cell-phone applications from application markets are releasing consumers’ private information to online advertisers, according to a joint study by Intel Labs, Penn State, and Duke University.
Flicking through a wallpaper app with backgrounds of Mickey Mouse and a tropical waterfall, Peter Gilbert gets a plain, black and white text notification on his smartphone.
A third of the way down the screen it says, “Taint: Phone Number, IMEI, ICCID (sim card identifier).” The message alerts Gilbert that the wallpaper app has sent his phone’s number and other identifying information to imnet.us. Checking online, it appears the address is a website in Shenzhen, China.
The notification came from TaintDroid, a prototype extension to the Android mobile-phone platform designed to identify apps that transmit private data. The phone-based tool monitors how applications access and use privacy sensitive data, such as location, microphone, camera and phone numbers, and provides feedback within seconds of using a newly installed app.
TaintDroid recently identified that 15 of 30 randomly selected, popular, free Android Marketplace applications sent users’ private information to remote advertising servers and two-thirds of the apps handled data in ambiguous ways.