Business Issues Channels Enterprise Services SME Technology
Module Header
Louella FernandesLouella Fernandes
Louella Fernandes
22nd April - Internet of Things: A New Era for Smart Printing?
Simon HollowayThe Holloway Angle
Simon Holloway
18th April - Virgin Media expose private email addresses
Craig WentworthMWD Advisors
Craig Wentworth
17th April - Box's enterprise customers step forward to be counted
Craig WentworthMWD Advisors
Craig Wentworth
16th April - Egnyte the blue touchpaper...

Blogs > Nigel Stanley

Google Android apps found to be sharing data
Nigel Stanley By: Nigel Stanley, Practice Leader - IT Security, Bloor Research
Published: 4th October 2010
Copyright Bloor Research © 2010
Logo for Bloor Research

Here's an interesting story that has recently emerged.

It's great to see some useful research into privacy issues and mobile phone applications. By "tainting" private data researchers were able to see exactly what happened to data once it left the confines of a user's mobile phone. Unsurprisingly two thirds of the applications studied used private data suspiciously—be it the SIM card serial number, phone number or device ID.

When users install these apps they are informed that their personal information may be accessed, but I wonder how many realise the wealth of information an application can get hold off? Due to the personal nature of mobile phones, which most of us carry all day and every day, unscrupulous applications are capable of getting to some of our most private data. This data is far richer than most as it contains important contextual data such as user location, a real valuable commodity to advertisers wanting to target their wares.

My real concern is for the bad guys. The blanket permissions a user gives on installing an app can give carte blanche to malware and spyware providers to collect as much private data as they want, under the protective nicety of a simplistic warning from the operating system.

The obvious advice would be to warn users to be very careful which applications they download, but we can't expect users to reverse engineer each application looking for security and privacy issues before they download it. A better solution would be for app store providers to "rinse" each application through an automatic code security test (such as the one provided by the folks at Veracode) to seek out problems before the software is published, thereby giving users a better degree of reassurance that apps they download are safer.

At least then we could believe an app store provider when they say they are trying to protect users.


Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761