"Even the most cautious of privacy-conscious Android users may be unwittingly sharing more sensitive data with more third parties than they realized -- or even intended to authorize.
In a recent joint study by Duke University, Penn State, and Intel Labs, researchers found that 15 of 30 popular Android applications sent users' geographic location to remote advertisement servers -- even though users may have only granted the app permission to access that data for the sake of unlocking location-based features.
Meanwhile seven of the 30 applications -- without explicit warning -- sent unique phone (hardware) identifier, and, in some cases, the phone number and SIM card serial number to developers. All in all, researchers found that two-thirds of the applications in the study exhibited "suspicious handling of sensitive data."
InfoWorld - Android apps share more sensitive data than users realize
"Specifically, the researchers found that two-thirds of the 30 apps in the sample used sensitive data suspiciously, half share location data with advertising or analytics servers without requiring "implicit or explicit user consent," and one-third expose the device ID, sometimes with the phone number and the SIM card serial number. In all, the researchers said they found 68 instances of potential misuse of users' private information across 20 applications.
"The permissions screen says, 'here is what the app can access'...but that screen doesn't say how the app is going to use that information once it retrieves it," William Enck, a PhD student at Pennsylvania State University and one of the co-leaders on the project, told CNET today. "Right now users have to be more diligent with the apps they install, look closely at the permission screen, and assume that that information may be misused. Just like when you are on a Web site. Better to be safe than sorry."
CNET - What's that Android app doing with my data?
"The study may be the best evidence yet that Android users have little way of knowing what happens to the wealth of information stored on their phones when they install any one of the 70,000 or so apps available in the Google-sanctioned Market. The search giant is quick to say that before Android apps can be installed, users see a screen informing them what personal information can be accessed by the software. But as the researchers point out, knowing what an app is capable of is different than knowing what it actually does."
"And to be fair, there's no way of knowing what liberties apps on competing platforms take with users' personal information. The researchers were able to monitor Android apps only because the operating system is open source. That allowed them to develop TaintDroid, software that labels, or taints, data from privacy-sensitive sources so it can be monitored in real time. There are no guarantees apps for Apple's iPhone or Research in Motion's Blackberry would fare any better if subjected to the same scrutiny."
The Register - 2 out of 3 Android apps use private data 'suspiciously'
"A controversial study released in June 2010 by smartphone security vendor SMobile (just acquired by Juniper) said that 20% of Android applications were seeking access to sensitive data. The report was trumpeted in a barrage of scare headlines implying the applications therefore were unsafe. (Network World's own headline was a more circumspect: "20 percent of Android apps can threaten privacy, says vendor".) Many Android developers noted that users explicitly grant permission to these applications, and access to such data is often necessary.
But the TaintDroid project digs deeper: the question is, once access is granted, what actually does the application do with the data?"
NetworkWorld - Many Android apps leak user privacy data: Researchers find permitted apps transmit phone numbers, location, and SIM card IDs
The InfoWorld article says it best when it says:
"The moral in all this remains "download mobile-phone apps with discretion," a mantra that doesn't apply only to Android users. At the BlackHat conference in August, Lookout Mobile Security revealed that third-party smartphone apps for both Android and iPhone were stealing user information and transmitting it to China."
I am not sure how much I need to add to the above. People have learned to be concerned about viruses on computers and to be wary and protect their online banking and such, but cell phones are "fun" gadgets that are not daunting or scary to people the way computers are.
So they just merrily download whatever seems fun at the time.
Now scroll back up the page and look at the picture of the van - and think...