Popular Android apps recklessly sharing private user data – AdGuard

Just how much of your life are you willing to share with people you have never met without your permission? Are you comfortable with your email address being transmitted thousands of miles away behind your back? And your mobile device’s unique identifiers like IMEI? If the answer to each of those questions is no, as many of us are likely to answer then the bad news is that it’s been happening, anyway. Yeah, that sucks and I don’t mean to be alarmist but hey, this is Android.

An investigation by the makers of popular ad blocker AdGuard reveals that top Android apps have been sharing private user details such as email addresses to god-knows-where, a clear violation of Google Play’s own content policies.

One of the most abused aspects, the AdGuard researchers found, was a key feature that has been around since the release of Android 6.0, Marshmallow, in late 2015. Of the top 1,000 applications on the Google Play Store tested by AdGuar, for instance, there were almost 500 requests for permissions that make it possible to extract one’s phone number and, as a result, track one’s phone calls. Over 500 other permissions were for things like the ability to get a user’s email addresses, read a user’s contacts as well as read a user’s text messages. But that’s not the scary bit since most apps, like social media apps for instance, require all those permissions in order to function properly. It is the discovery that some of the apps that ask for these permissions end up misusing them that irks me (and should make you livid, as well). Some, like 9 out of the 1,000 investigated, even start transmitting email addresses “after the first run with no explicit consent from a user and no additional permissions requested”.

READ:  There's a Samsung Galaxy S8 mini in the works, too

An Editor’s Choice app, BookMyShow, was found to be sending user email addresses to a third-party analytics platform without their express authorization.

It’s rather sad to have to generalize but a good number of mobile apps from China are notorious for shady means of capturing user data and sending it back to their homeland without any transparency as to what is collected and under what times. Not to miss out, they were ably represented by the makers of popular keyboard app Go Keyboard whose popular SMS app Go SMS Pro, alongside several others, was caught in its tracks spying on its users. Last time I focused on an AdGuard report, Go Keyboard featured prominently.

Not being left behind in this ‘show of shame’ are VPN apps, including one that I have previously recommended, Turbo VPN. Such a shame, really.

The bad news is that even after knowing all the above, there’s not much you can do about it other than speak with your wallet i.e. consider paying for some premium apps more where handling of sensitive data like financial records (all those free personal finance apps? Can’t trust them) and pretty much every data your device is transmitting – that means a big no-no for VPN apps that don’t have a premium tier hence no clearly defined means of making money. You can also simply stay away from such apps. Or install AdGuard, as the people behind the research whose details I am sharing will definitely want you to do. What I know is that you can’t go wrong with some of the privacy-focused apps out there like the revamped DuckDuckGo browser.

READ:  Secure messaging app Signal starts testing video calls
Source :

AdGuard blog

Emmanuel Chenze

Let's just say I know my stuff. I have 7 years experience handling, tinkering with and then writing extensively about Android stuff. Sometimes it is exciting, sometimes it is not; things can get stale with nothing new to show but I live for each one of those moments. Have something Android-related that you believe I need to have a look at? Hit me up: echenze@androidkenya.com