Investigation reveals free Android apps pass personal data to third parties

Warnings over ability to 'Trojanise' Android apps

Android applications are sharing users' personal data without their knowledge.

According to research by Channel 4 News, some leading applications send personal data back from devices to advertising companies without user knowledge. It said that permissions are granted to the apps when they are downloaded, and that the top 50 free applications are using those permissions to send data to the advertisers within the application.

Asked by Channel 4's technology editor Ben Cohen if users would be surprised by the amount of data being sent out, MWR Security researcher 'Nils' said: “We found that a lot of the free applications in the top 50 are using advertising inside the applications, and that the permission that you grant to these applications is also granted to the advertiser.

“If users knew about this, I think they would be concerned about it. But at the moment I don't think they are aware of the situation and how widely their information can be used.”

MWR Security revealed that a one-off app it built sent text messages from the user's phone, their call log and contacts' details to an advertising company called MobClix, which has not responded to requests for comment.

Speaking to SC Magazine, Nils said the advertising space is sold by the application developer via MobClix; the permissions allow the third party to access data or add names to the user's contact list or events to their calendar.

He said: “With the Android permission model, the user can decide what the app can access and what it cannot, but most people will not make decisions based on that. They give permission to the third party and hand their trust to the app developer.”

Asked why the advertising companies needed such personal data, Nils said that in many cases, this was freely available to them.

Viviane Reding, vice-president of the European Commission, who recently announced sweeping changes to the European Data Protection Directive, told Channel 4 News that this was against the law “because nobody has the right to get your personal data without you agreeing to this”.

“Maybe you want somebody to get this data and agree and it's fine. You're an adult and you can do whatever you want. But normally you have no idea what others are doing with your data,” she said.

“They are spotting you, they are following you, they are getting information about your friends, about your whereabouts, about your preferences. That is certainly not what you thought you bought into when you downloaded a free-of-charge app. That's exactly what we have to change.”
