Along with this, researchers found a number of other vulnerability points too. For instance, some apps can even send the unique MAC addresses of the users’ networking chip and router, its SSID and the wireless access point. Serge Egelman who is the research director of the Usable Security and Privacy Group at the International Computer Science Institute (ICSI) said, “It’s pretty well-known now that’s a pretty good surrogate for location data”, while presenting the study.
The study also shed light on the photo app, Shutterfly. Although Shutterfly has previously denied the fact that it collects data of its users without getting permission, it was discovered that the application sends real-time GPS coordinates of the users to its servers. All of this happens without the user giving tracking permission to the application or having any knowledge about this.
On a flipside, as the researchers have shared their concerns about the privacy issues with Google – it is expected that Android Q will have them fixed. Unfortunately, any Android phone that will not be updated to the new software will remain vulnerable to this privacy attack. It is interesting to note here that the majority of Android phones never update to the latest software version. For instance, till May of 2019 – merely 10.4% of the Android devices were running on the latest Android P software.
Google has declined to make any comments about the vulnerabilities of its Android software but it is high time that the tech giant takes responsibility and provides its users with privacy and security of their personal data.
For an average user, who is not tech-savvy and has no idea about what is happening behind-the-scenes, it is truly devastating. The sensitive information can be manipulated, used and shared with anyone – which is a breach of privacy and security.
About PrivacyCon
PrivacyCon is annual event, hosted by FTC. The fourth annual PrivacyCon event was held on June 27, 2019 where researches were presented on a vast number of security issues and privacy problems that consumers face in the digital world. One of the studies that was presented during the event was ‘50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System’.