We talk about iPhones here a lot, since they’re Apple devices, but some Mac users may use or want to use an Android phone, or may simply not have the coverage necessary to use an iPhone. While iPhone security issues always get a lot of coverage, it’s important to point out that other smartphones have problems as well. In particular, it turns out that many Android apps collect user data in ways that users are unaware of, and that “Android’s course-grained access control provides insufficient protection against third-party applications seeking to collect sensitive data,” according to a paper to be presented at the USENIX Symposium on Operating Systems Design and Implementation next week.
As Cnet reports, researchers developed a tool called TaintDroid that “analyzes in real-time what potentially sensitive information is collected, including GPS data, phone number, contacts, IMEI (International Mobile Equipment Identity) number that identifies the device, and the SIM card serial number.” With this tool, they looked at 30 of the most popular Android apps, and determined that 2/3 of them collected such data.
While many people worry about security vulnerabilities in smartphone apps, data collection can be a more serious issue, given the types of confidential data these devices contain. It remains to be seen just what the companies behind these apps do with the data, but nothing prevents an app from “phoning home” and giving its developer more data than you would want it to. And, as The Register points out, “There are no guarantees apps for Apple’s iPhone or Research in Motion’s Blackberry would fare any better if subjected to the same scrutiny.”