Android: Over 1.300 applications have access to unauthorized personal data.

If you believe that by rejecting certain rights, you have escaped leakage of your personal data then it would be good to know that this is not the case.

Εresearchers found more than 1300 Android applications which manage to bypass the rejection of permissions by gaining access to the user's site as well as other data.

The survey was conducted in 88.000 applications to verify how applications manage data. The research revealed that 1325 of them were able to get data from photo locations as well as from Wi-Fi connections.

The director of research on security and privacy, Serge EgelmanAt International Computer Science Institute (ICSI) presented the data at a conference and said Google had known about the security gap since September. The American company will solve the problem with the release of Android Q that is expected to be released with the Pixel 4 series. Google, in the new version of Android, will hide the location from the photos and will ask the applications that use Wi-Fi for permission to download location information.

Unfortunately, the research also revealed applications that obtained user information through other applications that were licensed to obtain information. In addition, these applications had access to unencrypted files and information with the help of another application that had the right to retrieve information from information stored on the SD card.

The report says that 13 Android applications used this technique to obtain user information, which was installed more than 17 million times. This list of 13 applications includes Baidu Hong Kong Disneyland application. 153 more applications along with those of Samsung which were installed over 500 million times using the same technique. In addition to the location and personal information with the above technique, the applications also saw the unique IMEI number of each device.

The full list of 1325 applications will be revealed next month.

Source