Could one third of free Android apps be stealing sensitive data?
New research from security specialists Bitdefender suggests that as many as one third of free Android apps access and upload your private data (including your phone number) to third parties. Issues around privacy and security are constantly with us in the digital age. As more and more information about us is digitized, what happens to that data is becoming increasingly relevant.
The problem is with advertising. Other than the freemium business model, where in-app purchases are used to monetize an app, the majority of free apps use advertising to generate income. There are dozens of different mobile advertising platforms and each one offers its own software development kit and libraries to give the developer an easy way to integrate the adverts into his or hers app. But the question is what data are these mobile advertising platforms uploading to allow relevant and targeted adverts to be delivered?
The Bitdefender data shows that just under 33 percent of apps upload information such as your phone number, location, and your email address to third-party advertising companies. It is unclear from this research if any one app actually uploads your number, location and email all at the same time, but the study shows that 12% upload at least your phone number and some 17 percent of apps ask for permission to read your contacts, access your browsing history, and access your photo library.
Some third party advertisers automatically receive some of your personally identifiable information if and when you interact with an advertisement.
However the issue is a little less clear once you consider that most advertising platforms want to know your location so that you can be sent targeted ads. It is pointless sending a European adverts about a discount sale in New York. Likewise it is pointless sending a man adverts targeted at women and so on. I find adverts annoying, but I find unrelated, irrelevant adverts more annoying.
So assuming that there is legitimate data that an app needs to fulfill its monetization needs, the question remains are there apps which are uploading sensitive data which neither it or the mobile advertiser have a right to see? Bitdefender would say that there are such apps and would use words like “aggressive adware”. But it is interesting to note that the report also mentions that “you could always go ahead and install a mobile security solution that can spot malware and aggressive adware at a distance.” I would guess that Bitdefender would prefer that the “mobile security solution” that you install would be theirs!
So what do you think? Are Bitdefender trying to hype up this issue or is it in fact a real problem?