We have seen how many of the Android apps have been caught indulging in malicious practices and the most recent study reveals exactly that. As per a new study, it is suggested that thousands of Android apps can access your data, irrespective of the permission given to the apps to access them.
So when we have denied the various apps access to our personal data, the apps will somehow still access our data.
The study suggests that Android apps get unauthorized access to user data with the help of covert and side channels.
For the uninitiated, covert channels allow apps to get permission to access user data from another app, and this process becomes easy as most of the apps are based on the same SDK (software development kit).
Additionally, various side channel vulnerabilities that exist in the Android system could be used to extract crucial information such as the MAC address of a user’s device with the use of C++ native code.
It is further suggested that many apps that use SDKs built by Baidu and Salmonads use the covert channel communication path to access the user’s IMEI number without his or her permission.
The unauthorized access to user data also involves access to the actual GPS coordinates of the device and geolocation data; the Shutterfly app has been found sharing geolocation data back to its servers.
You can read the study over here for a better understanding.
The researchers said they’d notified Google about the vulnerabilities in September last year. While Google did not comment on the study, it is suggested that Android Q would bring forth features to curb such security issues.