Even torch app can leak phone info

Apps Could Be Steal­ing Data By Se­cretly Col­lud­ing With Each Other: Study

The Times of India (New Delhi edition) - - TIMES TRENDS - Aatif Sul­ley­man

An­droid apps are min­ing smart­phone users’ data by se­cretly col­lud­ing with each other, ac­cord­ing to a new study. Vir­ginia Tech re­searchers have found that apps can trade in­for­ma­tion, a ca­pa­bil­ity that can lead to se­ri­ous con­se­quences in terms of se­cu­rity.

The team an­a­lysed 110,150 apps — in­clud­ing 100,206 of Google Play’s most pop­u­lar apps — over three years, us­ing a cus­tom-built soft­ware tool called DIALDroid. “Re­searchers were aware that apps may talk to one another in some way, shape, or form,” said Gang Wang, an as­sis­tant pro­fes­sor at Vir­ginia Tech’s de­part­ment The types of threats fall into two cat­e­gories, ei­ther a malware app that is specif­i­cally de­signed to launch a cy­ber­at­tack or apps that sim­ply al­low for col­lu­sion and priv­i­lege es­ca­la­tion of com­puter science and one of the co-au­thors of the re­search. “What this study shows un­de­ni­ably with real-world ev­i­dence over and over again is that app be­hav­iour, whether it is in­ten­tional or not, can pose a se­cu­rity breach de­pend­ing on the kinds of apps you have on your phone.”

The team re­ports that the types of app fall into two ma­jor cat­e­gories: malware apps specif­i­cally de­signed to launch a cy­ber­at­tack; and apps that sim­ply al­low for col­lu­sion and priv­i­lege es­ca­la­tion. It added that the big­gest se­cu­rity risks came from some of the least ca­pa­ble apps.

Users should there­fore take more care to read through per­mis- sions be­fore down­load­ing an ap­pli­ca­tion they might not nec­es­sar­ily need. Some­thing seem­ingly in­nocu­ous, like a torch app, could for in­stance leak a user’s ge­olo­ca­tion data or con­tacts.

How­ever, the re­searchers stressed that it isn’t pos­si­ble to quan­tify the in­ten­tions of the de­vel­op­ers of apps that fall into the lat­ter cat­e­gory, so many of them could be col­lud­ing en­tirely un­in­ten­tion­ally. “Of the apps we stud­ied, we found thou­sands of pairs of apps that could po­ten­tially leak sen­si­tive phone or per­sonal in­for­ma­tion and al­low unau­tho­rised apps to gain ac­cess to priv­i­leged data,” said fel­low co-au­thor pro­fes­sor Daphne Yao.

Getty Im­ages

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.