Covert User Profiling Through Popular Apps

SYDNEY, Australia, April 1st, 2013 – Ranking Android apps were found to be extremely curious while collecting and uploading location, email address, and user phone numbers to third-party servers, Bitdefender research has found.

A recent study on some 130,000 popular free Android apps revealed that aggressive advertisers breach user privacy by uploading phone numbers to third-party entities. Some 12.87 percent of analysed apps were found to collect and broadcast users’ phone numbers without explicit notification.

Location data and personal email addresses were also accessed and distributed to third parties by 12.03 percent and 7.72 percent, respectively, of analysed apps.

“The thin line between aggressive advertisers and malware is getting blurrier,” said Bitdefender Chief Security Strategist Catalin Cosoi. “While malware may steal passwords and other credentials, aggressive advertisers may collect everything else. Although violating user privacy raises serious concerns, the risk of having collected data used for malicious purposes is greater than most people imagine.”

While some apps may legitimately require access to such data, others access it without the app explicitly needing it to perform adequately. Apps that access browsing history sum up to 6.07 percent, while some apps even require access to photos.

Although some analysed apps have been updated to meet proper user privacy guidelines, previous versions of Texas Poker, by KamaGames, and Paradise Island, by Game Insight International, uploaded user phone number to third parties.

Android users are advised to exercise extreme caution when installing apps and to always check for what permissions they require. Installing a mobile security solution that can detect virulent adware is also recommended, as data privacy should be a top priority.