Research into Android apps finds no indications that apps are eavesdropping on audio

Spread the love

A group of scientists, most of them at Northeastern University, conducted an analysis of 17,260 Android apps, looking at the recording and transmission of audio and video. They found no evidence of apps eavesdropping on audio.

The scientists have analyzed a total of more than 17,000 Android apps for their research, of which 15,627 are unique APKs from Google’s Play Store. The rest of the apps came from other app stores, such as AppChina, Mi.com, and Anzhi. They made a static analysis of the entire collection, looking at camera and microphone permissions, API credentials in the code, and whether those credentials come from the app developer or from a third party. They also performed a dynamic analysis, looking at the traffic an app sends over the network, focusing on videos, audio, and images. While they found no evidence of apps covertly recording and then forwarding audio, they did encounter a number of other phenomena about which they are concerned.

An initial finding is that many apps request permissions to use the camera and microphone, about eighty percent in the case of Google Play apps, but that those permissions are not always actually used. This would be a risk because third-party software libraries can abuse these permissions without the app developer’s knowledge. They offer several explanations for the phenomenon, including the claim that there is little documentation about the relationship between permissions and the associated APIs. Also, copy-and-paste instructions from SDKs with too many permissions could cause this phenomenon.

The study also showed that only a fraction of the apps examined actually resulted in a media leak, for example in which media files were sent via the network against the user’s expectations. The researchers didn’t have the resources to analyze all the apps, so they narrowed it down to a selection of 9,100. It turned out that 21 apps sent media, 20 were images and one was video. They classified nine apps as media leaks, which amounts to about 0.01 percent. For example, photo editing apps sent unsolicited photos to a server.

Data traffic per app

The researchers highlight several interesting discoveries in their paper, including the app that forwarded video. It turned out to be the GoPuff app, a kind of delivery service. It sent images of all interactions after launching the app to a domain of Appsee, a service that promises to provide insight into how users interact with an app. A GoPuff spokesperson told Gizmodo that it has since removed the Appsee SDK from its apps. Appsee tells the site that the behavior of the app is attributable to GoPuff, because the developers allegedly misused its service and violated its terms.

One of the authors of the paper told Gizmodo: “We saw no evidence that people’s conversations are being secretly recorded.” He adds: “What people don’t seem to understand is that there is a lot of other tracking in everyday life that doesn’t use your phone’s camera or microphone and gives a third party an equally complete picture of you.” gives.” In their research, the scientists point out the possible shortcomings of their method, indicating that they may have overlooked other leaks. The researchers plan to present the paper, titled Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications, at the Proceedings on Privacy Enhancing Technologies symposium in Barcelona.

You might also like
Exit mobile version