A team from the University of Virginia Engineering has discovered, via the DIALDroid program, a serious privacy flaw for users on the Play Store
Android apps, as is now well known, make a connection between them to share our information without first asking us for any permission. Researchers at Virginia Tech have created a tool, DIALDroid, to monitor this phenomenon. The results are alarming.
The team of the Department of Computer Science at the University of Engineering of Virginia, in the United States, has analyzed over 110 thousand applications in the last three years. The purpose was to monitor what user information the apps were collecting and sharing without asking for permission. The research showed that many apps, even if they require permission to access location, camera or contacts, can obtain the same information using other apps on our Android smartphones, should we decide not to accept the request.
New problem for the Google Play Store
This phenomenon, which is widespread, poses a new problem for the Google Play Store: the protection of user privacy. A fact certainly not negligible, especially after the recent problems for the Android Store. Among all the apps analyzed, the researchers declared that at least 25 thousand were making secret agreements to share the information collected on the various users. Basically it’s those data defined as privileged, that is, those that the user must authorize.
Security Threat
The problem is not limited to sharing. The violation of our privacy, in fact, is not the only danger linked to this growing phenomenon. Many of the apps analyzed, in fact, do not protect our data during the exchange process, making it very easy for a cyber criminal to take possession of our most confidential information. This means that apps are constantly violating standard security requirements. And beware because it’s not just big-name apps that are affected. Simple services for creating emoji and other theoretically unsuspected apps have also been reported among the apps that affect the sharing of confidential data. In the future, according to Virginia researchers, hackers could also create malware designed ad hoc to steal information from this data exchange. The advice, therefore, is to constantly monitor the permissions given to apps and to use the DIALDroid program for every check, available for free on GitHub.