Awareness around data integrity is improving every day, but are your efforts to shore up your sensitive personal information in vain?
Unfortunately, the answer appears to be yes.
Have you ever had a phone conversation about a brand or product, only to hop onto your browser later that day and be inundated with ads for the same product?
It’s enough to make anyone do a double take, and it’s been the source of an old legend: our phones record our conversations.
In their 2018 study, undergraduate Elleen Pan and doctoral candidate Jingjing Ren set out to test this very theory, analysing over 17,000 of the most popular Android apps.
9,000 of those apps had the potential to be unfaithful to the user.
While no evidence was found of recorded conversations, the apps in question took screenshots of activity before forwarding them onto third parties.
That’s just a tad horrifying.
David Choffnes, who was one of two computer science professors who oversaw the study, commented on the findings: “We found that thousands of popular apps have the ability to record your screen and anything you type.
“That does include your username and password, because it can record the characters you type before they turn into those little black dots.”
“We knew we were looking for a needle in a haystack,” Choffnes said, “and we were surprised to find several needles.”
Although the privacy breaches over the course of the study were largely benign, it drives home just how easy it could be for your phone to be exploited for cash.
“This opening will almost certainly be used for malicious purposes, it’s simple to install and collect this information,” said Christo Wilson, the other computer science professor on the research team.
“And what’s most disturbing is that this occurs with no notifications to or permission by users.
“In the case we caught, the information sent to a third party was zip codes, but it could just as easily have been credit card numbers.”
It should be noted that while the study was only conducted on Android apps, the study concluded that iOS apps were likely guilty of similar breaches.
So, how do we combat this betrayal?
Android Q teases new and improved privacy controls
While there’s no quick fix for this loophole, greater app security is a major point of emphasis in the upcoming Android Q release.
In the new edition of the popular OS, a status bar feature displays when sensitive phone permissions are in use and which apps are responsible.
Among these fresh features will be a list that displays:
- Apps by most frequently accessed permission
- Apps by most permission use
- Apps that gained recent permission access
This will be a significant upgrade over Android’s current permission screen, which is a simple series of on/off switches.
Other improvements include greater visibility on why apps need certain permissions and GPS services being actively turned off when an app is running in the background.
In theory, these updates should help users make informed decisions around which apps could be up to no good.