Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Why some mobile apps track you once every 3 minutes?

A new study conducted by researchers at the Carnegie Mellon University revealed that dozens of mobile apps collect extensive location data. A new study conducted by researchers at the Carnegie Mellon University revealed that a number of Android mobile apps collects geolocation data related to the users. According to the Wall Street Journal, the researchers […]

Magellan flaw

A new study conducted by researchers at the Carnegie Mellon University revealed that dozens of mobile apps collect extensive location data.

A new study conducted by researchers at the Carnegie Mellon University revealed that a number of Android mobile apps collects geolocation data related to the users. According to the Wall Street Journal, the researchers discovered that the mobile apps track users every three minutes.

During the two weeks of the study, the researchers discovered that the mobile apps requested geolocation data an average of 6,200 times.

The experiment involved 23 Android users from the Carnegie Mellon student and Craigslist, the researchers requested them to use an arbitrary number of applications over the two weeks without providing them information regarding the apps that were being assessed. The researcher tracked the data requests made by the mobile apps by using a software they have specially designed.

The applications that collected the greatest number of data are Google Play Services (2,200), The Weather Channel’s app (2,000 requests) and Groupon (1,062 times).

mobile unsafe applications 2

It is normal that specific categories of mobile apps collect location data, but the frequency of the requests surprised the researchers.

“Does Groupon really need to know where you are every 20 minutes?” wrote Norman M. Sadeh, one of the author of the study asked Consumerist. “The person would have to be accessing Groupon in their sleep,”

Another disconcerting aspect of the research is that Android users totally ignore mobile apps collect their data:

“There are some applications where you could justify this level of frequency—think for instance of a navigation app.” “So the frequency by itself is not the problem. Instead it is whether the frequency is justified, and obviously whether users are informed of these practices and have some level of control.”

Most worrying are Google Play Services, because they are pre-installed on Android mobile devices and in the majority of cases are result hard to remove to common people.

The awareness of being tracked can affect the users’ behavior?

To respond to the question, during the third week of the study, the researchers started sending the users ‘privacy nudges’ every time an app requested their location data. The response of the mobile app users was eloquent, 95 percent of participants reported that they would reassess their app permissions and 58 percent restricted Android mobile apps from collecting their personal data.

“The defaults for location data are entirely backward. That data should only be revealed at a particular moment for a particular purpose. Instead, devices routinely reveal location, leaving the user subject to constant tracking,” Marc Rotenberg, president of the privacy advocacy group, the Electronic Privacy Information Center told the WSJ.

The researchers will present full findings of the study next month at a conference at Seoul.

Pierluigi Paganini

(Security Affairs –  mobile apps,  privacy)