Over 1000 apps do not need your permission to gather personal data from Android devices. And in some cases, permission may be previously denied. The breach in security was noticed recently when more than 1000 apps appeared to be gathering the information bypassing restrictions of privacy.

What has happened?

Researchers from the International Computer Science Institute have noticed that 1 325 apps for the Android platform are still capable of gathering the data despite privacy securities. Even though the permission to access the information was denied, these apps can still gather some data, like geolocation.

The head of usable security and privacy research at ICSI, Serge Egelman, said in a statement that the research confirms that many apps don’t need your permission for data gathering. Developers of these apps can use your data even after the access was denied. He said that this research proves how limited users are in their rights.

How does it work?

All the researched apps have their own way to the users’ personal data. Some of them identify your Wi-Fi network and gather the information about the user’s location and MAC address of the router. Others, like Hong Kong Disneyland from Baidu and Health and Browser apps from Samsung, use third-party apps to gather IMEI numbers and so on. You allow other apps access to data on your CD card, and spying apps take advantage of it.

Similar capabilities have 153 apps in total. They can be repeatedly installed by users who don’t suspect anything. More than 500 phone users installed Health and Browser apps from Samsung, and over 17 million users downloaded Hong Kong Disneyland park from Baidu.

Another way to receive the information is through the photos that users make. This way Shutterfly gathers GPS coordinates and keeps them on their server. The app developers do not admit any allegations. According to them, there is only GPS data gathered with permission from users.

Only last September, Serge Egelman warned the FTC and Google about this problem. Google officials reassured Egelman that they are working on this problem. They promised to address this breach to Android Q, which will be released later in 2019.

Breach: a problem or not

It is not the first time we hear that our apps do not actually need permissions from us to use private data. Some of them have third parties working for them, others steal GPS coordinates from photos. With each year, the number of warnings continues to grow. While it seems unlikely that apps’ devs will admit the problem, other app creators offer apps that will protect us from sharing the data. Usually, they require the same data they promise to hide from others to work properly. So, the main question is do you use any security protection apps? If yes, tell us about them. If no, would you care to explain your position?