Some Android apps are spying on everything you do on your phone, according to a new study by researchers at Northeastern University.
The study, titled “Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications,” analyzed 17,260 Android apps in order to understand how they may be spying on its users, detailed USA Today. The result was that of the 17,260 apps, around 9,000 requested users give the app access to the phone camera and microphone. And of the 9,000 apps that requested such access, 12 apps were sending screenshots of users’ app activity to developers and, sometimes, to a third party.
The screenshots, also called “full-session replay technology,” gives developers or third parties an unfiltered look at what users are doing while engaging with an app. This includes everything that the user clicks on, types in, and even home addresses.
One of the 12 apps, GoPuff, reportedly sends screenshots to an app analytics company called Appsee. After this information was divulged to both Google and Appsee, the CEO of Appsee, Zahi Boussiba, released the following statement.
“It appears that Appsee’s technology was misused by the customer and that our Terms of Service were violated. Once this issue was brought to our attention we immediately disabled tracking capabilities for the mentioned app and purged all the relevant data from our servers.”
Although Appsee’s service provides app developers the ability to record users’ movements when engaging with an app, GoPuff did not disclose the use of a third-party technology. Therefore, Appsee claims that the invasion of privacy is GoPuff’s fault.
It's remarkable how many times I've had to refute conspiracy theories like this one - good to have some research to back up the logic: https://t.co/Yb5AoSAQf5— Oskar (@austegard) July 5, 2018
Google is investigating Appsee’s capabilities further, stating that “We determined that a part of AppSee’s services may put some developers at risk of violating Play policy. We’re working closely with them to help ensure developers appropriately communicate the SDK’s functionality with their apps’ end-users.”
Currently, there’s no functionality in Android phones that alert users that someone could be recording their phone activity.
Furthermore, researchers would not definitively say whether or not phones could be listening or recording users through the phone cameras or mics, according to Gizmodo.
In addition to the screenshot problems listed above, another major takeaway from the study is that “there is poor correlation between the permissions that an app requests and the permissions that an app needs to successfully run its code.” This is alarming, considering that permissions should only be granted to apps out of necessity, not because apps can get away with gaining in-depth access to users’ phone data.