Smartphone Apps Covertly Report Your Location Data

Uploaded on 2015-04-03 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Developments

location-data-sharing.jpg

Do you realize how often your smartphone is sharing your location data with various companies? It is more than 5000 times in just two weeks. 

A recent study by the security researchers from Carnegie Mellon reveals that a number of smartphone applications collect your location-related data a lot more than you think.

The security researcher released a warning against the alarming approach: "Your location [data] has been shared 5,398 times with Facebook, GO Launcher EX, Groupon and seven other [applications] in the last 14 days." 

During their study, researchers monitored 23 Android smartphone users for three weeks.

    First Week - Participants were asked to use their smartphone apps as they would normally do.
    Second Week - An app called App Ops was installed to monitor and manage the data those apps were using.
    Third Week - The team of researchers started sending a daily “privacy nudge” alert that would ping participants each time an app requested location-related data.

Researchers concluded: Some apps for Android are tracking user's movements every three minutes.
Some apps for Android are attempting to collect more data than it needed. Groupon, a deal-of-the-day app, requested one participant's coordinates 1,062 times in two weeks. Weather Channel, a weather report app, asked device location an average 2,000 times, or every 10 minutes. The participants were unaware of how closely they are being tracked by different apps, and many were surprised by the end results.

"4,182 (times) – are you kidding me?" one of the participants asked. "It felt like I'm being followed by my own phone," adding "It was scary [that the] number is too high."

Another participant wrote, "The number (356 times) was huge, unexpected."

The research team found that privacy-managing software helped manage access to data. When the members granted access to App Ops, they collectively checked their App permissions 51 times and restricted 272 permissions on 76 different apps.

Just one of the participants failed to review permissions. 

As per users mentality, once the participants have made the changes to the app permission, they hardly looked at them after a few days.

“App permission managers are better than nothing, but by themselves they aren’t sufficient,” said Norman Sadeh, a professor at Carnegie Mellon. “Privacy nudges can play an important role in increasing awareness and in motivating people to review and adjust their privacy settings.”

With the help of App Ops privacy app, in the span of eight days, the participants collectively reviewed app permissions 69 times, blocking 122 additional permissions on about 47 different apps.

Ultimately, the team believes that if a user began getting the privacy nudges on a daily basis, they'll definitely go back to their privacy settings and restrict apps that are tracking users more closely.

The Hacker News:

« Battle for African Internet Users Stirs Fears
Facebook Successfully Tests Laser Drones in UK Skies »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Kirkland & Ellis

Kirkland & Ellis

Kirkland & Ellis LLP is an international law firm with offices in the USA, Europe and Asia. Practice areas include Data Security & Privacy.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

EY Advisory

EY Advisory

EY is a multinational professional services firm headquartered in the UK. EY Advisory service areas include Cybersecurity.

4iQ

4iQ

4iQ fuses surface, social, deep and dark web sources to research and assess risks to people, infrastructure, intellectual property and reputation.

OneVisage

OneVisage

Our award-winning 3DAuth digital identity platform turns any consumer mobile device into a real-time 3D facial scanner that securely authenticates the user in seconds.

ResponSight

ResponSight

ResponSight is a data science company focusing specifically on the challenge of measuring risk and identifying changes in enterprise/corporate networks using behavioural analytics.

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

Neudomains

Neudomains

Neudomains is a Corporate Domain Name Management and Brand Protection Online Specialist. One of the world's top providers of online brand protection and enforcement.

Tehtris

Tehtris

TEHTRIS XDR Platform was developed to control and improve the IT security of private and public companies against advanced cyber threats such as cyber espionage or cyber sabotage activities.

CYBER.ORG

CYBER.ORG

CYBER.ORG's goal is to empower educators as they prepare the next generation to succeed in the cyber workforce of tomorrow.

SecurIT360

SecurIT360

SecurIT360 is a full-service specialized Cyber Security and Compliance consulting firm.

ImmuneBytes

ImmuneBytes

ImmuneBytes is a cutting-edge security startup that aims to provide a secure blockchain environment for a dependable and open Web3 ecosystem.

Onwardly

Onwardly

For everyday folks tasked with implementing security and privacy. Do it faster with Onwardly - build, launch and scale your cyber resilience program in 30 minutes per week.

Port-IT

Port-IT

Port-IT is a leading partner in cybersecurity solutions tailored for the maritime industry.

Sensity

Sensity

Sensity is a company that offers an AI-driven solution to detect and verify deepfakes and other forms of identity fraud.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.