Android Apps Can Harvest Your Data Even If You Have Rejected Permissions

Android applications are constantly acquiring user data without the users knowing about this process. According to a recent study, a large part of the software installed on devices running Google’s operating system can harvest sensitive data without notifying the users or explicitly asking them.

Sensitive User Data Harvested By Android Apps, Many Users are Unaware

A recently published paper by a team of researchers shows that there are many ways for Android apps to bypass Android’s permissions system and harvest data without explicit rights to do so. The paper is titled 50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System and is written by a team of security experts who have studied the matter. It appears that various software has discovered ways to bypass the permissions system. This appears to be done using two particular threats:

  • Covert Channel — This is a communication path between two applications that allows data transfer to take place. The exact mechanism is that an application reads certain information by interacting with other applications.
  • Side Channel — This is the other technique, which lets applications obtain privileged data without a proper permissions check being performed.

To arrive at this information, the researchers performed both static and dynamic analysis of apps obtained from the Google Play repository. Their method was to devise an automatic scraper that retrieves both the APK and the associated metadata. Some of the personal data that can be hijacked includes the following:

  • IMEI — This is done by accessing the phone state and reading the IMEI of the mobile device.
  • Device MAC Address — By accessing the network state, the device’s MAC address can be acquired.
  • User Email Address — The email address of the victim user can be acquired by reading the account data of the Google device that the app is installed on.
  • Phone Number — The phone number of the device is acquired from the phone state.
  • SIM ID — The phone number of the installed device is acquired from the phone state.
  • Router MAC Address — By accessing the Wi-Fi state, information about the MAC address of the network’s router can be read.
  • Router SSID — By accessing the Wi-Fi state, information about the SSID of the network’s router can be read.
  • GPS Location — By reading the fine location values, the GPS coordinates of the mobile device can be acquired.
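
The combination of static and dynamic analysis described above can be sketched as an audit check: compare the permissions an app declares in its manifest with the data types seen leaving the device, and report every data type whose guarding permission is missing. This is an added example, not code from the paper or its authors; the manifest, the observed data types and the mapping from the article's "phone state", "network state" and similar terms to Android permission constants are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Data type -> guarding permission, following the article's list. The
# permission constants are an assumed mapping of its "phone state" etc.
GUARD = {
    "imei": P + "READ_PHONE_STATE",
    "phone_number": P + "READ_PHONE_STATE",
    "sim_id": P + "READ_PHONE_STATE",
    "device_mac": P + "ACCESS_NETWORK_STATE",
    "email": P + "GET_ACCOUNTS",
    "router_mac": P + "ACCESS_WIFI_STATE",
    "router_ssid": P + "ACCESS_WIFI_STATE",
    "gps": P + "ACCESS_FINE_LOCATION",
}

# Constructed sample: decoded manifest XML (not from a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission-sdk-23 android:name="android.permission.GET_ACCOUNTS"/>
</manifest>"""
# Constructed dynamic-analysis result: data types seen in outbound traffic.
SAMPLE_OBSERVED = ["router_mac", "imei", "gps", "email"]


def declared_permissions(manifest_xml):
    """Return the set of permissions a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    return {
        node.get(ANDROID_NS + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for node in root.iter(tag)
        if node.get(ANDROID_NS + "name")
    }


def unguarded_access(manifest_xml, observed):
    """Map each observed data type to the guarding permission it lacks."""
    perms = declared_permissions(manifest_xml)
    return {d: GUARD[d] for d in observed if GUARD[d] not in perms}


if __name__ == "__main__":
    for data, perm in unguarded_access(SAMPLE_MANIFEST, SAMPLE_OBSERVED).items():
        print(f"{data}: transmitted, but {perm} is not declared")
```

The check covers only permissions missing from the manifest; a permission that is declared but denied by the user at runtime would additionally need the grant state read from the test device.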

More than 1325 Android apps are known to harvest data using these techniques. Depending on the way they are programmed, this number may rise. The study merely represents a small sample of what is available on Google Play. What’s more dangerous is the fact that a large number of malware applications are also found in other places, including download portals and sites.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
