Smartphone Apps Covertly Report Your Location Data

Uploaded on 2015-04-03 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Developments

location-data-sharing.jpg

Do you realize how often your smartphone is sharing your location data with various companies? It is more than 5000 times in just two weeks. 

A recent study by the security researchers from Carnegie Mellon reveals that a number of smartphone applications collect your location-related data a lot more than you think.

The security researcher released a warning against the alarming approach: "Your location [data] has been shared 5,398 times with Facebook, GO Launcher EX, Groupon and seven other [applications] in the last 14 days." 

During their study, researchers monitored 23 Android smartphone users for three weeks.

    First Week - Participants were asked to use their smartphone apps as they would normally do.
    Second Week - An app called App Ops was installed to monitor and manage the data those apps were using.
    Third Week - The team of researchers started sending a daily “privacy nudge” alert that would ping participants each time an app requested location-related data.

Researchers concluded: Some apps for Android are tracking user's movements every three minutes.
Some apps for Android are attempting to collect more data than it needed. Groupon, a deal-of-the-day app, requested one participant's coordinates 1,062 times in two weeks. Weather Channel, a weather report app, asked device location an average 2,000 times, or every 10 minutes. The participants were unaware of how closely they are being tracked by different apps, and many were surprised by the end results.

"4,182 (times) – are you kidding me?" one of the participants asked. "It felt like I'm being followed by my own phone," adding "It was scary [that the] number is too high."

Another participant wrote, "The number (356 times) was huge, unexpected."

The research team found that privacy-managing software helped manage access to data. When the members granted access to App Ops, they collectively checked their App permissions 51 times and restricted 272 permissions on 76 different apps.

Just one of the participants failed to review permissions. 

As per users mentality, once the participants have made the changes to the app permission, they hardly looked at them after a few days.

“App permission managers are better than nothing, but by themselves they aren’t sufficient,” said Norman Sadeh, a professor at Carnegie Mellon. “Privacy nudges can play an important role in increasing awareness and in motivating people to review and adjust their privacy settings.”

With the help of App Ops privacy app, in the span of eight days, the participants collectively reviewed app permissions 69 times, blocking 122 additional permissions on about 47 different apps.

Ultimately, the team believes that if a user began getting the privacy nudges on a daily basis, they'll definitely go back to their privacy settings and restrict apps that are tracking users more closely.

The Hacker News:

« Battle for African Internet Users Stirs Fears
Facebook Successfully Tests Laser Drones in UK Skies »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

Herjavec Group

Herjavec Group

Herjavec Group's Managed Security Services practice defends your organization from increasingly sophisticated, targeted cybercrime threats.

Idaho National Laboratory (INL)

Idaho National Laboratory (INL)

INL is an applied engineering laboratory dedicated to supporting the US Dept of Energy's missions in energy research, nuclear science and national defense including critical infrastructure protection.

IoT Defense

IoT Defense

IoT Defense (IOTD) is a cybersecurity and networking company building solutions that enable the protection of networks and the ever-increasing prevalence of IoT devices.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

NuCrypt

NuCrypt

NuCrypt is developing technology that is applicable to ultrahigh security data encryption as well as key distribution.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

Seadot Cybersecurity

Seadot Cybersecurity

Seadot offer cybersecurity services to organizations with a high demand for regulatory compliance and security.

SIA Group

SIA Group

SIA Group, an Indra company, combines Consulting, Systems Integration and Managed Services in four specialized business areas: Information Security, Storage, IT Management and IT Mobility.

Luxembourg House of Financial Technology (LHoFT)

Luxembourg House of Financial Technology (LHoFT)

Offering start-up incubation, co-working spaces including a soft-landing platform, the LHoFT connects and creates value for the entire Luxembourg FinTech ecosystem.

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions is an Enterprise Cyber Security Platforms company offering Cyber Security & Technical Education and Compliance & Penetration Testing Services.

Helix Security Services

Helix Security Services

Helix Security provides IT & information security consultancy to government and businesses across New Zealand.

NexGen Cyber

NexGen Cyber

NexGen Cyber helps customers in commercial SMB markets with IT security, security integration, service management, outsourced service transition, and transformative security solutions.

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

Multidisciplinary Institute for Cybersecurity and Cyber Resilience (IMC2)

IMC2 brings together resources to carry out ambitious, innovative and multidisciplinary projects in the field of cybersecurity and cyber resilience.

CyberForceHQ

CyberForceHQ

CyberForce helps cyber security professionals take real-world tests, get ranked and get paid better. It's that simple.

LiveAction

LiveAction

LiveAction’s Network Intelligence platform transforms complex data into actionable insights, providing organizations with a comprehensive view of their network.