Security experts have tested 88,000 applications available on the Google Play Store, and they discovered that 1,300 of them collect confidential information even if the user blocks their access.
A group of researchers published an article in which they detail problematic activities of mobile applications on Android. Users must give consent for each application so that it can access data such as geolocation, but some developers have found techniques to work around this system.
The researchers reviewed more than 88,000 applications on the Google Play Store by analyzing the data they transmitted over the Internet. They discovered 1,325 applications that sent data to which they should not have access.
Simple Wi-Fi access is enough to geolocate a device
Developers have found tricks to obtain device information through other sources. Applications can geolocate the device by identifying the Mac address of the Wi-Fi hotspot to which the smartphone is connected. Similarly, not having access to the unique IMEI identifier of the smartphone, applications use instead of its Mac address.
Some applications that have access to information like the IMEI number save it to the SD card for applications that do not have permission. Finally, other applications obtain GPS coordinates from images taken with the camera.
The researchers warned Google as early as September. The company said it plans to prevent apps from accessing GPS data from photos, and apps that access Wi-Fi will also need to have access to location information. However, it will be necessary to wait for the Android Q update later this year, which will not solve the problem for the many older devices that will not receive this new version.