We all know apps can track our location, as long as the Android permissions are turned on. Meaning our data is protected.
Android is great, but I recently read a really great piece of work that just reminded me that all the flexibility and power Android has means you have to be aware of those who are constantly trying to abuse it and this is especially true of Android permissions in your apps.
Location is a valuable piece of information that all smartphones are capable of tracking and storing. Knowing where you are and where you’ve been is also data that you should be aware of. As well as having a choice on whether you give it up to third parties or not. Adding to this, businesses who leak tracking data about their users or customers can be at risk of legal action if not correctly handled.
Location is a big deal when it comes to controlling that data.
Apps that can secretly steal it, need to be examined and this is why we now have a deep Android permissions engine giving users the power to monitor and edit their app settings.
The whitepaper mentioned above shows how a team managed to create an app that could gain access to various sensors. These included the accelerator, gyroscope and compass. They have then used that data to infer where a user is without asking for any app permissions at all. The way this worked was, instead of actually asking the device for it’s “location”, the algorithm worked out from various other pieces of movement sensors, roughly where the device was from a known point.
The results were scarily accurate though and probably enough to work out where the device was. It’s kind of like being in the boot of a car and understanding from bumps, sounds and the way the car moves where you might be.
One thing we should remember is that in the real world there are a lot of people and businesses who are intent on stealing data or abusing great technology. This means we all have to be careful of that, more now than ever before.
At Raptor, we use all kinds of apps to check a device’s sensor list. If you install one of them onto a top phone like a Samsung Galaxy S7, then you might be surprised at the long list of sensors that the phone has and is constantly getting data from. In fact, even we have to look up what they do, from time to time.