 "Smartphone apps may be secretly stealing your data: study")
Smartphone apps that we regularly use to organise lunch dates, make convenient online purchases and communicate the most intimate details are mining our data by secretly colluding with each other, a new study warns.
Researchers conducted the first ever large-scale and systematic study of exactly how the trusty apps on Android phones are able to talk to one another and trade information.
"Researchers were aware that apps may talk to one another in some way, shape, or form," said Gang Wang, Assistant Professor at Virginia Tech University in the US.
The types of threats fall into two major categories, either a malware app that is specifically designed to launch a cyber attack or apps that simply allow for collusion and privilege escalation, researchers said.
In the latter category, it is not possible to quantify the intention of the developer, so collusion, while still a security breach, can in many cases be unintentional, they said.
In order to run the programmes to test pairs of apps, the team developed a tool called DIALDroid to perform their massive inter-app security analysis.
"Of the apps we studied, we found thousands of pairs of apps that could potentially leak sensitive phone or personal information and allow unauthorised apps to gain access to privileged data," said Daphne Yao, Assistant Professor at Virginia Tech.
The team studied a whopping 110,150 apps over three years including 100,206 of Google Play's most popular apps and 9,994 malware apps from Virus Share, a private collection of malware app samples.
The set up for cybersecurity leaks works when a seemingly innocuous sender app like that handy and ubiquitous flashlight app works in tandem with a receiver app to divulge a user's information such as contacts, geolocation, or provide access to the web.
The team found that the biggest security risks were some of the least utilitarian.
Researchers conducted the first ever large-scale and systematic study of exactly how the trusty apps on Android phones are able to talk to one another and trade information.
"Researchers were aware that apps may talk to one another in some way, shape, or form," said Gang Wang, Assistant Professor at Virginia Tech University in the US.
Also Read
"What this study shows undeniably with real-world evidence over and over again is that app behaviour, whether it is intentional or not, can pose a security breach depending on the kinds of apps you have on your phone," said Wang.
The types of threats fall into two major categories, either a malware app that is specifically designed to launch a cyber attack or apps that simply allow for collusion and privilege escalation, researchers said.
In the latter category, it is not possible to quantify the intention of the developer, so collusion, while still a security breach, can in many cases be unintentional, they said.
In order to run the programmes to test pairs of apps, the team developed a tool called DIALDroid to perform their massive inter-app security analysis.
"Of the apps we studied, we found thousands of pairs of apps that could potentially leak sensitive phone or personal information and allow unauthorised apps to gain access to privileged data," said Daphne Yao, Assistant Professor at Virginia Tech.
The team studied a whopping 110,150 apps over three years including 100,206 of Google Play's most popular apps and 9,994 malware apps from Virus Share, a private collection of malware app samples.
The set up for cybersecurity leaks works when a seemingly innocuous sender app like that handy and ubiquitous flashlight app works in tandem with a receiver app to divulge a user's information such as contacts, geolocation, or provide access to the web.
The team found that the biggest security risks were some of the least utilitarian.
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%