App developers can still gather information on you even without your consent
Think that you’re in control of what data an app developer collects on you when you install their app on your phone? Think again – new findings by a team of researchers at the International Computer Science Institute in California has found that many mobile app developers are using extremely shady techniques to harvest information from your phone even after you explicitly deny their app permission.
The group detailed their findings during PrivacyCon hosted by the Federal Trade Commission, where they found that more than 1,300 Android apps were collecting users precise geolocation data and phone identifiers even when they’ve explicitly denied the required permissions.
The apps were able to do this by using hidden workarounds that allow them to look for users’ personal data from sources like metadata stored in photos and Wi-Fi connections.
Shutterfly, for example, collects location data from your phone by extracting GPS coordinates from metadata that’s put on your photos, even when users deny the app access to data.
As of writing, the researchers have found that the apps detailed on their report (which we’ve linked here) work on both Android Marshmallow and Android Pie.
For its part, Google is looking to shut down these workarounds on Android Q, which hides location data in photos from third-party apps as well as making it mandatory for apps that access Wi-Fi to have permission to access location data.