sciencetech-blog

comments

Android apps are spying on users far more than expected, a new study has found.

The research by Vocativ shows the apps that can access user's microphones, call logs and contacts.

It found one of the worst offenders was a game aimed at children. 

The research by Vocativ shows the apps that can access user's microphones, call logs and contacts. AntiVirus Security, Viber and Facebook top the charts.

Called Happy Fish, developer HappyElements, programmed the game so that it can collect a precise location, has access to your photos and can read your text messages. 

It can even tell which Wi-Fi network you're using.

Android users have taken to messageboards to complain about the problems.

The hugely popular game Fruit Ninja asks users for permissions described as 'crazy' by users.

One reviewer wrote 'I will never install this until it is clear as to why the developer needs access to all your private content.'

The chart ranks the apps (top to bottom) that ask for the most permissions. 

AntiVirus Security, Viber and Facebook top the charts.

However, more than half of the 25 apps have access to contacts, and about a third tap into text messages, call log and microphone.

The key to the permissions, experts say, is ads.

'These advertisers are trying to get more targeted information about you, so they can get more targeted ads,' PrivacyGrade.org founder and Carnegie Mellon professor of computer science Jason Hong said.

'These apps access information about a user that can be highly sensitive, such as location, contact lists and call logs, yet it often is difficult for the average user to understand how that information is being used or who it might be shared with,' 

'Most developers aren't evil, but they often don't know what to do with respect to privacy and security,' Hong added, explaining that some developers may simply collect data with their apps because they can, and nobody stops them.

WHAT CAN YOU DO?

PrivacyGrade.org keeps track of hundreds of apps, and publishes its ratings for them.

It says that for Android smartphones, you only have a few options. 

If you're feeling particularly sensitive about privacy, you can delete the app. 

PrivacyGrade also names and shames Fruit Ninja, Despicable Me & Talking Tom as popular apps with poor privacy

Alternatively, you can try to find a replacement app that has similar functionality (e.g. there are many flashlight apps that don't need an Internet connection or location data). 

If you're worried about location data, you can turn off location services.

Also, generally speaking, for-pay apps are better about privacy than free apps. 

The site assigns letter grades to more than one million free Android apps, ranging from an A+ for the puzzle game Lazors to a D for the Despicable Me: Minion Rush game. 

The grades are assigned automatically using a privacy model that the researchers developed based on the preference ratings of 725 users. 

The final grade is based in part on an automated analysis of how an app uses sensitive data — whether it is essential for the app operation or whether it is shared with advertisers and marketers.

Part of the grade is based on survey information about how comfortable users are with information being used in those ways. 

'Our privacy model measures the gap between people's expectations of an app's behavior and the app's actual behavior,' said Hong. 

'Most people expect apps such as Google Maps to be able to access their location, but most are surprised and troubled to learn that a game accesses their location.'  

The second part of Vocatic's research, revealing apps such as Twitter,and Chrome.

 PrivacyGrade.org keeps track of hundreds of apps.

'Today's smartphones have an incredible array of capabilities,' it says.

'Smartphones have access to our communications (email, contacts list, and social networks), activities (location, call logs, photos, accelerometers), and more. 

'However, some apps access this sensitive data in ways that people do not expect. 

'These are not just hypothetical risks either: several app developers have already been fined by the Federal Trade Commission for deceptive uses of people's data.' 

Last year the Federal Trade Commission offered guidelines to developers, but they are often ignored.

In 2013, Path, the social networking site, was fined $800,000 for deceiving users by collecting phone numbers from its address book. 

In September 2014 , review site Yelp forked over $450,000 for collecting location data about its underage users. 

The FTC says: 'The complexity of the ecosystem raises 21st century concerns: When people use their mobile devices, they are sharing information about their daily lives with a multitude of players.

'How many companies are privy to this information? How often do they access such content and how do they use it or share it? What do consumers understand about who is getting their information and how they are using it?'