Researchers Claim Phone Apps Are Secretly Recording Your Screen Activity Alarming Tinfoil Hats Everywhere
Is your smartphone secretly recording your screen activity? It turns out that conspiracy theorists may have some justification for their concern. Computer scientists from Northeastern University determined that some apps do violate a user’s privacy by quietly capturing pictures, videos, and recorded audio.
According to the Northeastern University scientists, their research was the “first large-scale empirical study of media permissions and leaks from Android apps, covering 17,260 apps from Google Play, App China, Mi.com, and Anzhi.” The researchers worked with ten Android devices and an automated program to use the apps and determine whether any media files were sent to a third-party. The purpose of the study was to identify any privacy risks associated with Android apps. The researchers received a contract from Department of Homeland Security to conduct their study, an award from the National Science Foundation, the Google “Security, Privacy and Anti-Abuse” award, the Comcast “Innovation Fund” grant, and a Data Transparency Lab grant.
On the bright side, the researchers found that “a very large fraction of apps are not abusing the ability to record media.” On the downside, the scientists did find several instances where apps were sending information to third-party apps without a user’s permission. They noted that while some apps were able to violate a user’s policy through rather dishonest means, most were able to send information to third party apps because the Android and iOS systems are “coarse grained” and “incomplete”.
The researchers noted that third-party code in an app is allowed to continuously monitor a user’s screen without their permission on Android devices. The developers themselves may not even know what code is used in third-party app. They also determined that several photo-editing apps upload pictures to the cloud without informing their users. For example, the app “Photo Cartoon Camera- PaintLab” uploads a user’s photos to their servers, even if the user decides to delete the photos. These photos are sent to the server without notifying the user.
The most common issues appeared to be related to apps and their multimedia permission requests. Some apps will ask for various multimedia permissions without actually needing to use that media. Some apps include code for multimedia sensors that are not used, but the app does not disclose to the users that this code is included. These oversights could allow third-party apps to abuse the media permissions. The app stores do not closely monitor what permissions are requested, what code is included in the apps, and if they are necessary for the function of the app.
It is important to note that the study focused on a user's screen activity and did not find evidence that smart devices are secretly recording a user's off-screen life. The researchers at Northeastern University plan to continue to “monitor how multimedia content leaks over the internet from mobile and IoT devices, and assess the implications of such behavior." They also hope in the future to look more closely at iOS apps.
According to the Northeastern University scientists, their research was the “first large-scale empirical study of media permissions and leaks from Android apps, covering 17,260 apps from Google Play, App China, Mi.com, and Anzhi.” The researchers worked with ten Android devices and an automated program to use the apps and determine whether any media files were sent to a third-party. The purpose of the study was to identify any privacy risks associated with Android apps. The researchers received a contract from Department of Homeland Security to conduct their study, an award from the National Science Foundation, the Google “Security, Privacy and Anti-Abuse” award, the Comcast “Innovation Fund” grant, and a Data Transparency Lab grant.
On the bright side, the researchers found that “a very large fraction of apps are not abusing the ability to record media.” On the downside, the scientists did find several instances where apps were sending information to third-party apps without a user’s permission. They noted that while some apps were able to violate a user’s policy through rather dishonest means, most were able to send information to third party apps because the Android and iOS systems are “coarse grained” and “incomplete”.
The researchers noted that third-party code in an app is allowed to continuously monitor a user’s screen without their permission on Android devices. The developers themselves may not even know what code is used in third-party app. They also determined that several photo-editing apps upload pictures to the cloud without informing their users. For example, the app “Photo Cartoon Camera- PaintLab” uploads a user’s photos to their servers, even if the user decides to delete the photos. These photos are sent to the server without notifying the user.
The most common issues appeared to be related to apps and their multimedia permission requests. Some apps will ask for various multimedia permissions without actually needing to use that media. Some apps include code for multimedia sensors that are not used, but the app does not disclose to the users that this code is included. These oversights could allow third-party apps to abuse the media permissions. The app stores do not closely monitor what permissions are requested, what code is included in the apps, and if they are necessary for the function of the app.
It is important to note that the study focused on a user's screen activity and did not find evidence that smart devices are secretly recording a user's off-screen life. The researchers at Northeastern University plan to continue to “monitor how multimedia content leaks over the internet from mobile and IoT devices, and assess the implications of such behavior." They also hope in the future to look more closely at iOS apps.
