September 30, 2010 | by Andrew Kameka
Android already requires that applications display a list of permissions it plans to access. But researchers from Duke University and Penn State say that there are apps sending personal data to “online advertisers” without user knowledge. As a result, they have developed TaintDroid (stop laughing!) to point out which apps are releasing your private data.
Ed note: It’s important to point out that the app used in this example, Wallpapers, has already been accused of this, investigated by Google, and found to have no nefarious intentions.
TaintDroid alerts users when data is sent to outside sources. The study says that 15 of 30 popular applications send geographic location to remote ad servers. Researchers say of the 105 apps flagged by TaintDroid, 37 have clearly “legitimate” reasons. However, users should have already known that considering that AdMob and other in-app marketing services have always included geo-targeted advertisements. In fact, the app even flagged Google Maps and native features of the Android OS.
There are cases where TaintDroid could actually come in handy. For instance, if using an app that doesn’t have ads or a need to access personal data, this could be a good way to spark questions and seek more information. The one thing everyone must remember is that an app accessing user data is not inherently malicious, but it doesn’t hurt to keep an eye on things.
The researchers have decided that it will release TaintDroid, an open source project, at a yet to be determined time. Read more information on the project here.