{"id":13400,"date":"2017-08-14T08:00:06","date_gmt":"2017-08-14T12:00:06","guid":{"rendered":"https:\/\/www.psafe.com\/en\/blog\/?p=13400"},"modified":"2018-05-21T18:32:00","modified_gmt":"2018-05-21T22:32:00","slug":"android-apps-are-conspiring-to-steal-your-data","status":"publish","type":"post","link":"https:\/\/www.psafe.com\/en\/blog\/android-apps-are-conspiring-to-steal-your-data\/","title":{"rendered":"Android Apps Are Conspiring to Steal Your Data"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Apps on the average Android device have access to mountains of personal information. Thanks to broad and oftentimes unnecessary permission settings, these apps know users\u2019 exact location, email information, passwords, credit cards numbers and expiration dates, health status, browsing habits, and more; the list goes on. What\u2019s even worse is that apps are now sharing this wealth of information with each other, filling in information gaps to provide app developers with an unsettling amount of private data.<\/span><\/p>\n<p>According to a recent study undertaken by security researchers at Virginia Tech, apps have been trading information, some with an intention to mine private user data. Using a software tool named DIALDroid, which was custom-built for the study, researchers were able to uncover more than 23,000 such colluding pairs. In particular, researchers pinpointed a relatively small number of sender apps involved in a vast majority of the uncovered, colluding pairs.<\/p>\n<p><b>Read More: <\/b><a href=\"https:\/\/www.psafe.com\/en\/blog\/using-oneplus-aware-security-vulnerabilities\/\"><b>Using a OnePlus? Be Aware of These Security Vulnerabilities<\/b><\/a><\/p>\n<p><b>The Culprits<br \/>\n<\/b><span style=\"font-weight: 400;\">The worst offenders were often those apps that appeared entirely innocent on the surface. The apps most likely to engage in this collusion practice were ones that provided users with wallpapers, ringtones, new emojis, and even flashlight services. In one instance, a torch app leaked the geolocation and contact data of users. In another instance, an app designed to provide Muslim users with prayer times made location data available to other apps within the same device.<\/span><\/p>\n<p><b>The Good News and the Bad News<br \/>\n<\/b><span style=\"font-weight: 400;\">According to Daphne Yao, a member of the security research team, the actual rate of collusion between these compromising apps is generally quite low. On the other hand, Yao notes that now that the security flaw has been exposed, it is more likely to be taken advantage of by hackers. Developers of malicious apps who have been made aware of the breach might be inclined to exploit this flaw. In addition, while the rate of collusion was low, the recorded information-sharing instances displayed a reckless attitude towards private data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Regardless of whether app sharing is intentional by individual apps, this type of security flaw still poses a danger for serious security breaches. Malicious apps looking to take advantage of this opening have the potential to collude with unsuspecting, authentic apps. In fact, a malware attack targeting Google accounts in 2016 did just that. By accessing login information through malicious apps\u2019 collusion with Google apps, hackers were able to breach more than one million accounts across Asia and the Americas. If you\u2019ve never paid much attention to the permissions that you give certain apps, it\u2019s time to start paying attention.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Separately, the apps on your Android hold mountains of personal information. Together, they know everything there is to know about you.<\/p>\n","protected":false},"author":83,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[5],"tags":[747,1203,1673,9],"class_list":["post-13400","post","type-post","status-publish","format-standard","hentry","category-security","tag-android-apps","tag-android-phone","tag-android-tips","tag-mobile"],"_links":{"self":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/13400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/users\/83"}],"replies":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/comments?post=13400"}],"version-history":[{"count":1,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/13400\/revisions"}],"predecessor-version":[{"id":18593,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/13400\/revisions\/18593"}],"wp:attachment":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/media?parent=13400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/categories?post=13400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/tags?post=13400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}