Android Apps Are Conspiring to Steal Your Data

Apps on the average Android device have access to mountains of personal information. Thanks to broad and oftentimes unnecessary permission settings, these apps know users’ exact location, email information, passwords, credit cards numbers and expiration dates, health status, browsing habits, and more; the list goes on. What’s even worse is that apps are now sharing this wealth of information with each other, filling in information gaps to provide app developers with an unsettling amount of private data.

According to a recent study undertaken by security researchers at Virginia Tech, apps have been trading information, some with an intention to mine private user data. Using a software tool named DIALDroid, which was custom-built for the study, researchers were able to uncover more than 23,000 such colluding pairs. In particular, researchers pinpointed a relatively small number of sender apps involved in a vast majority of the uncovered, colluding pairs.

Read More: Using a OnePlus? Be Aware of These Security Vulnerabilities

The Culprits
The worst offenders were often those apps that appeared entirely innocent on the surface. The apps most likely to engage in this collusion practice were ones that provided users with wallpapers, ringtones, new emojis, and even flashlight services. In one instance, a torch app leaked the geolocation and contact data of users. In another instance, an app designed to provide Muslim users with prayer times made location data available to other apps within the same device.

The Good News and the Bad News
According to Daphne Yao, a member of the security research team, the actual rate of collusion between these compromising apps is generally quite low. On the other hand, Yao notes that now that the security flaw has been exposed, it is more likely to be taken advantage of by hackers. Developers of malicious apps who have been made aware of the breach might be inclined to exploit this flaw. In addition, while the rate of collusion was low, the recorded information-sharing instances displayed a reckless attitude towards private data.

Regardless of whether app sharing is intentional by individual apps, this type of security flaw still poses a danger for serious security breaches. Malicious apps looking to take advantage of this opening have the potential to collude with unsuspecting, authentic apps. In fact, a malware attack targeting Google accounts in 2016 did just that. By accessing login information through malicious apps’ collusion with Google apps, hackers were able to breach more than one million accounts across Asia and the Americas. If you’ve never paid much attention to the permissions that you give certain apps, it’s time to start paying attention.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Why Updating Android Helps Protect Your Phone, Even When Nothing Looks Different

Have you ever put off an Android update because you figured nothing would really change…

57 years ago

Your Phone Knows Where You’ve Been. Here’s Why That Matters More Than Ever

Do you know how many places your phone can remember from just one ordinary week?…

57 years ago

Does Changing Your Password Every Week Make Your Account Safer? Myth or Fact

You’ve probably heard that changing your password every week is a smart way to keep…

57 years ago

What Happens When You Tap “Allow” on an Android App?

You install a new app, open it for the first time, and the screen pops…

57 years ago

5-Minute Monthly Phone Check: What to Review on Android

You unlock your phone to answer a quick text and, without even noticing it, pass…

57 years ago

What Happens to Your Data After You Close an App?

You open an app to order food, check your bank balance, chat with friends, or…

57 years ago