Six Android apps on Google’s Play Store found to secretively harvest data from users

Six apps from Chinese developer DO Global have been found to secretly collect user data and send it to Chinese servers. While these apps have now been removed, this issue has once again turned a spotlight on a serious privacy problem that continues to plague the Google Play Store: unwarranted app permissions. Android has a major problem, and it lies at the heart of its most popular application management system. This week, several security firms, in a joint effort with Buzzfeed news, confirmed that six popular Android apps have been unknowingly collecting user data and sending it to Chinese servers. The apps in question are from one publisher: DO Global, a Chinese-based app developer. The apps collected user data by surreptitiously prompting ad clicks without the users knowing. These clicks occurred even when the app was not active. This practice flies in the face of both Google’s terms of service for the Play Store and the EU’s General Data Protection Regulation, or GPDR. Under the GPDR, software must make users explicitly aware of when, how, and for what purpose it may collect data. Software must also obtain direct consent from users.

Google responded to the findings by saying:Developers are required to disclose the collection of personal data, and only use permissions that are needed to deliver the features within the app. If an app violates our policies, we take action that can include banning a developer from being able to publish on Play.Google has since removed the apps (listed below) from the Play Store, but that has not sated some critics; some Android users have called for punitive measures to be levied on DO Global as an example to other publishers that might attempt similar practices.

The biggest problem highlighted in this investigation is the inordinate amount of permissions that some applications request. As KitGuru pointed out, an app called “Emoji Flashlight” (which is a simple torch application) requests 30 different access permissions upon download. (Google notes that 7 of these are critical.) Why a flashlight would need more than one access permission (the LED light on a phone) is beyond comprehension, unless it is attempting to access user data for one purpose or another. Be careful when downloading applications, even from trusted sources like the Google Play Store and carefully read through an app’s permission requests before accepting any of them. The apps that were noted in this investigation include the following:Selfie CameraTotal CleanerSmart CoolerRAM MasterAIO FlashlightOmni Cleaner
Read More

MrHitech Author

The Guest's post, tutorial and FAQ (s) will be updated through this account. For any query/suggestion please feel free to contact us. We're on: @Facebook @twitter @Google+ @Linkedin @Youtube