Notebookcheck

Six Android apps on Google's Play Store found to secretively harvest data from users

Six apps from Chinese developer DO Global have been found to secretly collect user data and send it to Chinese servers. While these apps have now been removed, this issue has once again turned a spotlight on a serious privacy problem that continues to plague the Google Play Store: unwarranted app permissions.

Android has a major problem, and it lies at the heart of its most popular application management system. This week, several security firms, in a joint effort with Buzzfeed news, confirmed that six popular Android apps have been unknowingly collecting user data and sending it to Chinese servers.

The apps in question are from one publisher: DO Global, a Chinese-based app developer. The apps collected user data by surreptitiously prompting ad clicks without the users knowing. These clicks occurred even when the app was not active.

This practice flies in the face of both Google’s terms of service for the Play Store and the EU’s General Data Protection Regulation, or GDPR. Under the GDPR, software must make users explicitly aware of when, how, and for what purpose it may collect data. Software must also obtain direct consent from users.

Google responded to the findings by saying:

Developers are required to disclose the collection of personal data, and only use permissions that are needed to deliver the features within the app. If an app violates our policies, we take action that can include banning a developer from being able to publish on Play.

Google has since removed the apps (listed below) from the Play Store, but that has not sated some critics; some Android users have called for punitive measures to be levied on DO Global as an example to other publishers that might attempt similar practices.

The biggest problem highlighted in this investigation is the inordinate amount of permissions that some applications request. As KitGuru pointed out, an app called “Emoji Flashlight”, which is a simple torch application, requests 30 different access permissions upon download. (Google notes that 7 of these are critical.) Why a flashlight would need more than one access permission (the LED light on a phone) is beyond comprehension, unless it is attempting to access user data for one purpose or another.

Be careful when downloading applications, even from trusted sources like the Google Play Store and carefully read through an app’s permission requests before accepting any of them.

The apps that were noted in this investigation include the following:

  • Selfie Camera
  • Total Cleaner
  • Smart Cooler
  • RAM Master
  • AIO Flashlight
  • Omni Cleaner

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 04 > Six Android apps on Google's Play Store found to secretively harvest data from users
Sam Medley, 2019-04-27 (Update: 2019-04-28)
Sam Medley
Sam Medley - Review Editor - @samuel_medley
I've been a "tech-head" my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a Systems Analyst for my local school district. I started working with Notebookcheck in October of 2016 and have enjoyed writing news articles and notebook reviews. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not hunched over an electronic device or writing code for a new database, I'm either outside with my family, playing a decade-old video game, or sitting behind a drum set.