Android apps are ploughing through our smartphones and collecting data, worse still, they are sharing data with each other.
Virginia Tech researchers found that devices can ‘pair’ to share data – something that could have far reaching consequences in terms of security.
The researchers analysed 110,150 apps over three years using a custom-built tool called DIALDroid.
“Researchers were aware that apps may talk to one another in some way, shape, or form,” said Gang Wang, an assistant professor at Virginia Tech’s department of computer science and one of the co-authors of the research.
“What this study shows undeniably with real-world evidence over and over again is that app behaviour, whether it is intentional or not, can pose a security breach depending on the kinds of apps you have on your phone.”
The team found out that apps tend to be in either one of two categories, malware apps specifically designed for that purpose; or secondly, apps that simply allow for collusion and privilege escalation.
Users are advised to read the permissions very carefully before downloading apps as it appears to be the most innocent ones that can pose the biggest security threat.
For example, a seemingly innocent torch app could leak a user’s geolocation data or contacts. It should be stressed however, that it is not necessarily the app developers’ intention to do this.
“Of the apps we studied, we found thousands of pairs of apps that could potentially leak sensitive phone or personal information and allow unauthorized apps to gain access to privileged data,” said fellow co-author Professor Daphne Yao.