Technology Android Apps May Be Snooping on You More Than You Realize

22:05  26 march  2020
22:05  26 march  2020 Source:   gizmodo.com

Dog the Bounty Hunter proposes to girlfriend on 'Dr. Oz,' plus more news

  Dog the Bounty Hunter proposes to girlfriend on 'Dr. Oz,' plus more news Are Dog the Bounty Hunter and Moon Angell engaged? Plus, more celebrity news for Jan. 29, 2020

At this point we’re all familiar with apps of all sorts tracking our every move and sharing that info with pretty much every third party imaginable. But it actually may not be as simple as tracking where you go and what you do in an app: It turns out that these apps might be dropping details about the other programs you’ve installed on your phone, too.

a hand holding a cellphone © Photo: Getty

This news comes courtesy of a new paper out from a team of European researchers who found that some of the most popular apps in the Google Play store were bundled with certain bits of software that pull details of any apps that were ever downloaded onto a person’s phone.

Play Protect blocked 1.9B malware installs from non-Google sources last year

  Play Protect blocked 1.9B malware installs from non-Google sources last year The number of user attempts to install malware-infected apps from outside the Play Store has gone up from 1.6 billion, reported in 2017 and 2018, to 1.9 billion, last year.The number is up from 1.6 billion, reported in 2017 and 2018.

Before you immediately chuck your Android device out the window in some combination of fear and disgust, we need to clarify a few things. First, these bits of software—called IAMs, or “installed application methods”—have some decent uses. A photography app might need to check the surrounding environment to make sure you have a camera installed somewhere on your phone. If another app immediately glitches out in the presence of an on-phone camera, knowing the environment—and the reason for that glitch—can help a developer know which part of his app to tinker with to keep that from happening in the future.

Here’s your latest reminder that Android security is a joke

  Here’s your latest reminder that Android security is a joke The pile of Android threats to watch out for has been mounting at a pretty rapid clip so far this year, with apps sneaking into the Google Play Store that can do everything from log in to your Google and Facebook accounts, access key features of your device, spread malware and so much more. Google, of course, kicks these apps out of its store as soon as they're found, which we note each time this occurs -- though each instance is also one more reminder of just how much of a minefield the threat landscape remains.

Because these IAM-specific calls are technically for debugging purposes, they generally don’t need to secure permissions the same way an app usually would when, say, asking for your location. Android devices have actually gotten better about clamping down on that form of invasive tracking after struggling with it for years, recently announcing that the Android 11 formally requiring that devs apply for location permissions access before Google grants it.

But at the same time, surveying the apps on a given phone can go the invasive route very easily: The apps we download can tip developers off about our incomes, our sexualities, and some of our deepest fears.

The research team found that, of the roughly 4,200 commercial apps it surveyed making these IAM calls, almost half were strictly grabbing details on the surrounding apps. For context, most other calls—which were for monitoring details about the app like available updates, or the current app version—together made up less than one percent of all calls they observed.

Android 11 Developer Preview focuses on 5G and better privacy

  Android 11 Developer Preview focuses on 5G and better privacy After a brief tease, the first Android 11 Developer Preview is available for Pixel devices -- and it's clear Google is thinking about the future with this release. The test software is built with a few new technologies in mind, most notably 5G. New frameworks let app creators determine whether or not someone's on an unlimited data plan or has 5G-level bandwidth, making it possible to tailor experiences for people with unfettered connections. There's also improved support for hole-punch and waterfall screens, neural networks and low-latency video (think Stadia).As with Android 10, privacy and security will play important roles.

There are a few reasons for the prevalence of this errant app-sniffing behavior, but for the most part it boils down to one thing: money. A lot of these IAMs come from apps that are on-boarding software from adtech companies offering developers an easy way to make quick cash off their free product. That’s probably why the lion’s share—more than 83%—of these calls were being made on behalf of third-party code that the dev onboarded for their commercially available app, rather than code that was baked into that app by design.

And for the most part, these third parties are—as you might have suspected—companies that specialize in targeted advertising. Looking over the top 20 libraries that pull some kind of data via IAMs, some of the top contenders, like ironSource or AppNext, are in the business of getting the right ads in front of the right player at the right time, offering the developer the right price for their effort.

And because app developers—like most people in the publishing space—are often hard-up for cash, they’ll onboard these money-making tools without asking how they make that money in the first place. This kind of daisy-chaining is the same reason we see trackers of every shape and size running across every site in the modern ecosystem, at times without the people actually behind the site having any idea.

Android hasn’t yet responded to our request for comment, but because this tech—at times—leans dangerously close to breaking the company’s own policies surrounding how ads can and can’t be targeted, there may be hope that they’ll take action.

Moog and Korg make synth apps free to help musicians stuck at home .
If you're a musician (or fan) whose concerts got scrapped over coronavirus concerns, you'll at least have more tools to produce music when you're at home. To start, Moog has made its Minimoog Model D iOS synth app available for free. It wasn't hugely expensive to start, but this could make it easy to recreate the first portable synth and slip some Kraftwerk- or Dr. Dre-inspired sounds into your latest track. Moog didn't say how long the priceNot to be left out, Korg is doing the same for its Kaossilator apps, which normally cost close to $20. Android artists can grab the software for no charge until March 20th, 2020, while the iOS crowd has until March 31st to get iKaossilator.

—   Share news in the SOC. Networks
usr: 1
This is interesting!