back to article Boffins tag Android app privacy fails

A group of researchers from universities in Luxembourg, Germany and the US say they can dramatically improve the detection of privacy leaks between Android processes. The researchers, led by Li Li of the University of Luxembourg, are looking for ways to identify apps that send private data outside the app's own domain without …

COMMENTS

This topic is closed for new posts.

Which Android versions?

My immediate question is: which Android versions, and how does this affect the security?

It's still possible to buy a brand new phone running ICS which will never, ever be upgraded. What does that do to the security of email, banking, and other information that is commonly access via a smartphone?

5
0

..and which Android Stores?

>randomly selected from the Google Play store as well other third-party markets

> only a dozen apps out of the 3,000 tested actually revealed privacy leaks

How many of these 12 apps were actually sourced from Google Play?

0
0
Gold badge
Unhappy

Excluding the data Android leaks itself of course

But what did you expect from Google.

2
4
Anonymous Coward

Re: Excluding the data Android leaks itself of course

What data? As my experience is that Google are pretty upfront about what you give up, and Android permissions are informative on that point too.

3
2
Bronze badge

Permissions creep

Since Android apps frequently grant themselves ( with a click-through acceptance of course) permissions that open access to everything on the phone, for the slightest ( or no) reason, this highly technical and academic analysis remains just that, academic. There's not a lot of point bothering about loose window catches when the door is wide open.

5
2
Anonymous Coward

Why do you put up with so much BS?

Maybe one day, when all this BS is sorted out, I can finally upgrade from my perfectly useful and adequate 'dumbphone'. At the moment there's just too much BS involved with these 'smart' phones for me to actually want to carry a small computer around, considering I only really NEED to have a means of telephone contact in case of crisis or impatient domestic arrangements. Everything else is just a toy, really. Yes, I do think it would be nice to have a camera on me at all times, but from what I've seen of the quality I'm not missing much, especially at the prices I'd be willing to pay for an entry-level device.

Please sort it out guys, then I might jump on board. Get the privacy and permissions sorted, the horrific tablet user interfaces, the mediocre cameras, the charging every day, it all leaves me cold. Until then, my little charge-once-a-week GSM phone remains all I need.

4
3
Bronze badge

Re: Why do you put up with so much BS?

I used to have a small PDA device, which I used to keep work notes digitally and an appointments diary and send them to my PC. Sadly the world (and pro users in particular) turned against these devices and poured scorn on them, preferring to just put everything on the phone. We have many people now who just use their mobile phone instead of a watch, an alarm clock, a camera, PDA, diary, satnav and a fixed phone.

So that those of us who either don't want to be slaves to Google\Apple or who want a device that's really actually good at the thing is is meant to do (for a reasonable price) are left with nowhere to go.

We're stuck with Google\Apple devices that watch our every move and in return provide a good snaps camera, a reasonable PDA, a poor alarm clock, a lousy calendar and a terrible phone.

1
0
Silver badge
Thumb Up

Re: Why do you put up with so much BS?

"Maybe one day, when all this BS is sorted out, I can finally upgrade from my perfectly useful and adequate 'dumbphone'. "

I'm similar, but not quite as much of a stuckist :-)

I love my android tablet, but there is a maintenance requirement that I have no desire to deal with on my phone.

My phone is an old symbian Nokia E63 which I don't intend to replace until it dies (at which point I'll be looking for another E63)

P.S. The E63 has ssh/putty, a camera, and a decent web browser by the still supported UC browser.

Not bad for a phone that came from 'the back of my brothers sock draw', and costs 2p per text, 3p per min voice, 1p a meg data (with 300mb free for a month when you top up £5) and no monthly fees!

0
0

Re: I used to have a small PDA device ...

I've got an old Zaurus I would sell you ... except I'm still using it. Otherwise couldn't agree more ... if only I could get Opie on my phone instead of android :-)

0
0
Bronze badge
WTF?

Incorrect platform

Android is a data-harvesting platform for mighty google. Fact that they found a dozen apps that retrieved/shared private data is irrelevant. Android devices store wifi passwords in the cloud, nuff said.

If you use Android and expect privacy, you need a brain transplant.

3
4
Silver badge

Android devices store wifi passwords in the cloud

By DEFAULT.

Thankfully you can turn this off, but I suspect that many will discover this AFTER their small measures of security have been horribly and intentionally compromised; and remember, Google is a US company. No such thing as privacy there, their legal system makes that extremely clear time and again.

1
1
Bronze badge
Meh

Re: Android devices store wifi passwords in the cloud

Thankfully you can turn this off

And, we can trust Google to do that???

0
1
Anonymous Coward

Re: Android devices store wifi passwords in the cloud

And iCloud is no better?

1
0

Would nice if the register provided some help in how to reduce or fix these issues, highlighting them is all very well but readers are no further forward in trying to reduce the leakage that inevitability happens. This isn't unique to any specific vendor because peoples private data is treated very badly by pretty much any company or organisation that holds it.

2
0
Silver badge

Simple. Buy an iPhone.

Seriously, as trollish as that comment may sound, there is no other way of looking at this than as the product of extremely bad design. Google dun bad. I understand there are other reasons you may not want to buy an iPhone, but on the basis if this issue, it's an answer.

Apple get criticised for it because of the implied delay, but they have a history of identifying which features benefit from careful planning, not rushing those features, and elaborating them with care before release. They did so with copy and paste (since copied wholesale by Android) and then multi-tasking and the result is superior OS control for preventing bad actors (Android's approach by contrast was more akin putting a bucket of money in the middle of the street and saying "now now everyone, be sure to only take what you need and leave enough for others" ). They erred on the side of caution and user control with app permissions, and compared with Android have generally got that whole area right. And they have taken the same approach with inter-app communications and data sharing (e.g, there is virtually non - except between apps owned by a single company and via registering to be able to receive process certain mime types). They knew it was something low on the feature list and that it has huge security implications. Few users really miss it/need it. Indeed Apple even restricted the shared clipboard facility when they realised there was a security threat. And if previously reliable sources are correct they are now ready to put a comprehensive framework in place at this years WWDC.

Generally the result is iOS, though more restricted, is proving to be far more secure (obvious major snafu's like the goto:fail cert bug aside - but at least such security issues when identified are quickly addressed with an update available to all users).

1
3
This topic is closed for new posts.

Forums