Published: Tue, July 09, 2019
Electronics | By Kelly Massey

Microsoft is sneaking adverts into its Android apps

Microsoft is sneaking adverts into its Android apps

The researchers in the report note that they've alerted Google to the issue and that Google has said that it should be fixed in Android Q, which is set to be released later this year. It also added that it used that data to "enhance the user experience". But crucially, the test pool only contained apps downloaded off the US Google Play Store; it's unclear if Android apps in other regions are exploiting similar loopholes to scrape user data despite permissions. "Side channels present in the implementation of the permission system allow apps to access protected data and system resources without permission; whereas covert channels enable communication between two colluding apps so that one app can share its permission-protected data with another app lacking those permissions".

"Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it".

Google told The Verge that, among the steps it's taking along these lines, going forward with Android Q it will hide geolocation data from photo apps by default.

The most recent example concerns Microsoft's Android apps, which have started showing ads in the Share menu in an attempt to convince users to install other apps developed by the Redmond-based tech giant.

Brevard County Weather Forecast Calls For High Rain Chances Saturday Afternoon
Tonight , there is a 50 percent chance of showers and thunderstorms, with a low of 71, according to the weather service. If you're planning to spend the day at the beach, highs will top out in the upper 70s to lower 80s.


So when we have denied the various apps access to our personal data, the apps will somehow still access our data. There were only 13 apps engaging in this privacy crushing practice but the apps were installed more than 17 million times.

Other apps sought to gather sensitive identifiable information, such as a smartphone's IMEI number or a router's MAC address. The first has to do with Android and third-party SDK vulnerabilities, such as with Unity which somehow allows dozens of apps to store unique identifiers for your mobile device. Shutterfly had been collecting location data from photos stored in the mobile and sending the data to its own servers.

Egelman will be presenting more detailed information about the research findings at the Usenix Security conference in August, according to the online technology publication CNET.

The researchers found Shutterfly collected Global Positioning System data from mobile phones and sent the data to its internal servers.

Like this: