Be careful what permissions you sign away to your Android apps.
The study, conducted by researchers at Intel, Duke, and Penn State, looked at 30 of the most popular apps which ask for permission to access to the Internet and your phone’s location. The researchers found that 15 of them were sending that information on to ad networks, and none of them asked permission or mentioned this practice in their end-user licence agreements (EULAs).
The study also found some of the apps sending out users’ phone numbers or unique device identification codes, also without permission. Two-thirds of the apps committed at least one of these violations.
There’s nothing inherently nefarious about sending location data to ad networks — better targeted ads are more likely to be of interest to users, and the revenues from them help keep apps free. But sharing this information without disclosing that fact is clearly an abuse. It’s shocking that so many top apps are getting away with this.
Fortunately, help is on the way. The researchers plan to make the diagnostic tool they used for the study, TaintDroid, available for public use soon. Here’s a video of the app in action: