TECH
Android: Researchers Find Vunerabilities in Operating System
A study "An Analysis of Pre-installed Android Software" says pre-installed Android apps amount to a boatload of privacy issues. Just ask IMDEA Networks Institute, Stony Brooks University, Carlos II University of Madrid and ICSI. They authored the study.
They are about tracking and advertising services embedded in many pre-installed apps, and the partnerships that allow information to be shared, and control to be given to various other companies through permissions, backdoors and side-channels.
ICSI stands for International Computer Science Institute. IMDEA is a research organization in Madrid. Its focus is on computer and communication networks.
The problem traces back to some hardware vendors; they are pre-loading Android devices with apps that may absorb user data. Oh, and do not blame stupid, careless users (at least for allowing the harvesting apps). They are not aware because they are not asked to sign on to anything.
The study authors found that a number of smartphones enabling third-party access to user data, without consent, were involving non-Google pre-installed apps.
THE COUNTRY: Past research on the risks to privacy from cellphones may have looked at Google Play but this team instead analyzed pre-installed apps on standard phones "and it turns out that, due to a complex ecosystem of manufacturers, mobile operators, app developers and service providers, the guarantees offered by Android are looking less than foolproof. "
This is the first time that the Android device has been released, but it has not yet been released.
The study turned the spotlight on some 1,700 devices from 200 hardware makers. The probe involved 82,000 pre-installed apps.
ZDNet said that "According to researchers, the most used permission of apps that also embed a third-party SDK is the permission to read system logs, followed by the ability to mount / unmount storage space, and the ability to install other apps." Harry Domanski for TechRadar pointed out to those vendors that provide their own version of the open-source operating system. In turn, they abuse the platform to release products with "integrated data-collecting services."
The ball may sometimes fall in your corner-sometimes. Downloading "the data-harvesting app and agreeing for it to use all your details for marketing purposes" is okay, said Roland Moore-Colyer for the INQUIRER.
The issue here is that the study is looking at apps coming pre-installed and not making it clear to you about data-harvesting activities. The Moore-Clyer pointed out, this data harvesting could be deliberate or just the result of "some dumb implementation."
Catalin Cimpanu looked at the study and made note of some additional rubs. I have told ZDNet readers that "many pre-installed apps (also referred to as bloatware) can not be removed, and also use third-party libraries that secretly collect user data from within benign-looking and innocently-named applications."
Given all that, attention should be focused on solutions as well as causes. In looking for solutions, the landscape is complicated. The difficulty lies in the nature of the supply chain. Moore-Clyer said that "the supply chain of both software and hardware can be quite convoluted with all manner of deals being made secure with certain apps and services on devices, without anyone oversee such activity."
Domanski referred to "myriad of actors" ranging from software developers to advertisers, "potentially involved in secret partnerships."
THE COUNTRY: "An Android cellphone is not produced by just one manufacturer. The chip comes from one company and the updates of the operating system will be outsourced to another, while separate software will be added by the mobile operators and distributors. a lot more players involved in the final product ... the result is an ecosystem so complex that the players can sidestep the responsibility of where our personal data ends up ... And what belongs to everyone belongs to no one. "
"We appreciate the work of the researchers and have been in contact with them about concerns about their methodology." The researchers' methodology is unable to differentiate pre-installed system software-such as diallers, app stores and diagnostic tools-from malicious software that has accessed the device at a later time, making it difficult to draw clear conclusions. "
Google went on to state that they worked with "OEM partners" to help ensure the security of apps they decide to pre-install on devices. They also provide "tools and infrastructure" to help partners scan their software. Last but not least, they stated they gave partners policies regarding the safety of pre-installed apps, "and regularly give them information about potentially dangerous pre-loads" they identified. N. C.
No comments:
Post a Comment