>4,000 Android apps silently access your installed software
Android API lets apps collect a list of all other installed apps, no permission needed. …
reader comments
49 with 28 posters participating
More than 4,000 Google Play apps silently collect a list of all other installed apps in a data grab that allows developers and advertisers to build detailed profiles of users, a recently published research paper found.
The apps use an Android-provided programming interface that scans a phone for details about all other apps installed on the phone. The app details—which include names, dates they were first installed and most recently updated, and more than three-dozen other categories—are uploaded to remote servers without permission and no notification.
IAM what IAM
Android’s installed application methods, or IAMs, are application programming interfaces that allow apps to silently interact with other programs on a device. They use two methods to retrieve various kinds of information related to installed apps, neither of which is classified by Google as a sensitive API. The lack of such a designation allows the methods to be used in a way that’s invisible to users.
Not all apps that collect details on other installed apps do so for nefarious purposes. Developers surveyed by the researchers behind the new paper said the collection is the basis for launcher apps, which allow for the customization of the homescreen and provide shortcuts to open other apps. IAMs are also used by VPNs, backup software, notification managers, anti-malware, battery savers, and firewalls.
But the data grab can also be used by advertisers and developers to assemble a detailed profile of users, the researchers reported in their paper, titled Leave my Apps Alone! A Study on how Android Developers Access Installed Apps on User’s Device. They cited previous
Continue reading – Article source