Apps Stealing from Other Apps Can Compromise Your Security
Just when you thought you had protected yourself from apps looking to steal your information. Now apps are stealing from each other to piece together user data.
Most security features can pinpoint apps that steal sensitive user data. When two apps work together, however, it becomes much more difficult to detect the collection of private information. A study released by Virginia Tech uncovered upwards of 20,000 app pairings that can share information in a way that threatens user security. Always take extra measures, keep your apps protected from prying eyes by activating the applock feature now:
The Virginia-based security researchers discovered that the risk of privacy exposure for users significantly increased when apps shared information in pairs. Hackers can uncover highly sensitive information about users by combining the data from a navigation app with that of an itinerary, thanks to this flaw.
Read More: Do Yourself a Favor: Lock Your Smartphone
Privilege escalation is a technique utilized by apps and developers to gain deeper access to data and secure information. Apps are able to do this by exploiting a gap within the system such as a bug or a design flaw. Once apps are able to escalate their privileges through this technique, they can perform unauthorized actions. A significant portion of the apps identified in the study relies on privilege escalation to leak and pair data. While such apps would normally never be granted access to sensitive information, the exploitation of bugs and design flaws allows them to expand their reach and potential actions.
Malicious or Not?
When looking at the app pairings uncovered by security researchers, it is hard to pinpoint which specific pairings are intentionally engineered for the purpose of stealing data. Often, only one of the paired apps is malicious. Other times, both of the apps are simply poorly designed. Regardless, the pairing of this data can prove useful to hackers who can access their app log files, regardless of whether or not the flaw was maliciously constructed.
Information at Risk
When relying on calendar, online shopping, and communication apps, beware of the data privileges assigned to such services. App pairings can result in the leaking of user contacts and geolocation, and can even allow access to the web. The apps most susceptible to such dangers are often free since developers are trying to entice users, but the app could also contain several design flaws.
Moving forward, Android mobile users should be aware of the security levels of their apps, both new and old. Users should also be cognizant of the permissions granted to each application, should always read the terms of service, and should never trust apps to have access to information beyond what is strictly necessary.