Did You Turn of Tracking? Guess What?  Apps are Still Tracking You

Android Q, the next version of Google’s mobile OS, is set to fix Android’s broken permission system. However, versions in use now give developers easy ways to get around user preferences for apps not to track their location and device. 

Researchers from the International Computer Science Institute (ICSI) detail in a new paper that 1,325 Android apps – some of which are installed on 500 million phones – are using sneaky but easy tricks to get around restrictions in the Android permissions model.

The permissions model is meant to let users deny an app access to information such as their location data or unique device identifiers.

The researchers scanned over 88,000 apps for signs of developers employing side and covert channels to gather the information that would allow software makers and advertisers to track users across devices, websites, and apps. 

This tracking could include accessing shared storage on an SD card to obtain information, such as a device’s IMEI number, which should not be accessible if the app obeyed a deny on the READ_PHONE-STATE permission. 

The IMEI is useful for tracking purposes because, unlike the Advertiser ID, it cannot be reset or changed. 

 

Malcare WordPress Security