PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Some Android Apps Use Personal Data 'Suspiciously,' Report Says

Chloe Albanesius
 & Chloe Albanesius Executive Editor, News

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

How secure are your smartphone apps? What type of data is being distributed when you fire up your horoscope, check the weather, or log-in to your favorite social network?

A report released this week from researchers at Penn State, Duke, and Intel Labs found that in a study of 30 randomly selected, popular Android apps, about two-thirds of them "used sensitive data suspiciously."

Google responded that users must give app developers explicit permission before access to any personal data is granted.

Researchers used something called TaintDroid, an extension to the Android platform that tracks the flow of sensitive data through third-party applications. It automatically labels (or taints) data from privacy-sensitive sources, and logs the data's labels, the application responsible for transmitting the data, and the data's destination.

The study found that 358 apps in the Android Market require Internet permissions, as well as permissions to access location, camera, or audio data. Of those 358, researchers randomly selected 30 apps, including ones for The Weather Channel and BBC News.

TaintDroid flagged 105 instances in which the apps transmitted tainted data; 37 of which researchers said were legitimate. Overall, the report found 68 instances of potential misuse of users' private information across 20 applications, the report said.

Fifteen of the 30 apps reported user locations to remote advertising servers, and seven apps collected the device ID, and sometimes the phone number and SIM card serial number. One app even transmitted phone information every time the phone booted – even if the app has not been used. Overall, two-thirds of the apps used data suspiciously, researchers concluded.

Recommended by Our Editors

Wikipedia Editors Could Strike Following Layoffs
Wikipedia Editors Could Strike Following Layoffs
Blue Origin’s New Glenn Rocket Explodes Spectacularly During Ground Test
Blue Origin’s New Glenn Rocket Explodes Spectacularly During Ground Test
Google Engineer Charged for Using Insider Info to Win $1.2M on Polymarket Bets
Google Engineer Charged for Using Insider Info to Win $1.2M on Polymarket Bets

"While some mobile phone operating systems allow users to control applications' access to sensitive information, such as location sensors, camera images, and contact lists, users lack visibility into how applications use their private data," the report said.

If someone allows access to their location information, for example, that person has no way of knowing if the app will send that location to a location-based service, to advertisers, to the app developer, or any other entity, the report said.

As a result, Android's access control "provide insufficient protection against third-party applications seeking to collect sensitive data," researchers concluded.

Google said in a statement that all users entrust at least some of their data to developers when downloading applications.

"Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer," a spokesman said via e-mail. "We also provide developers with best practices about how to handle user data."

Users installing an app from the Android Market see a screen shot that explains what information the application has permission to access, like location or contacts, Google said.

"Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time," the spokesman said. "Any third party code included in an application is bound by these same permissions. We consistently advise users to only install apps they trust."

About Our Expert

Chloe Albanesius

Chloe Albanesius

Executive Editor, News

My Experience

I started out covering tech policy in DC for The National Journal, where my beat included state-level tech news and all the congressional hearings and FCC meetings I could handle. I later covered Wall Street trading tech before switching gears to consumer tech. I now lead PCMag's news coverage.

My Areas of Expertise

Getting my start in DC means I still have a soft spot for tech policy; Congressional hearings can sometimes be as entertaining as a Bravo reality show, for better or worse. But PCMag is all about the technology we use every day, as well as keeping an eye out for the trends that will shape the industry in the years ahead (or flop on arrival). I've covered the rise of social media, the iOS vs. Android wars, the cord-cutting revolution that's now left us with hefty streaming bills, and the effort to stuff artificial intelligence into every product you could imagine. This job has taken me to CES in Vegas (one too many times), IFA in Berlin, and MWC in Barcelona. I also drove a Tesla 1,000 miles out west as part of our Best Mobile Networks project. Of late, my focus is on our hard-working team of reporters at PCMag, guiding and editing their robust coverage.

Read the latest from Chloe Albanesius

Read full bio