- Football Games - Soccer Juggle (v. 1.4.2) – com.madelephantstudios.BallTapp – between 100,000 and 500,000 installations
- Button Football (Soccer) (v. 1.10.3) – com.sicecommentr.buttonfootball – between 1,000,000 and 5,000,000 installations.
While applications can legitimately access location services, some apps have no need to send location information over the web, and doing so may put users at risk if the company harvesting the information suffers a data breach. This is a typical case of grey-area use: data that is obviously unnecessary for the application’s functionality is retrieved just to add to the user data already aggregated.
About 10% of the analyzed Android applications may be doing this with or without informing the user beforehand, depending on how the advertising SDK is configured and how it is set up at the initial boot. Other applications that send location information also leak the phone number and the user’s e-mail address to ad vendors.
While tracking location, reading contacts or interacting with social media sites can be part of functionality, significant threats come from improper implementations of technologies, such as protocols for sending data from the user’s device to the cloud. For instance, leaking unencrypted device IDs or sending plain-text passwords during the authentication process is highly dangerous for a mobile device that is often connected to public, potentially monitored Wi-Fi access points.
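The check below is an added example, not code from the article or from any vendor it mentions: it audits requests exported from an intercepting proxy on a test device and reports which ones carry location, device ID, e-mail, phone number or password fields, and whether they travelled in cleartext. The hosts, parameter names and values in the sample capture are constructed, and the transport is inferred from the URL scheme only.

```python
import re
from urllib.parse import urlsplit, parse_qsl
# Constructed sample: (method, url, body) tuples; hosts, names and values are invented.
SAMPLE_CAPTURE = [
    ("GET", "http://ads.example.net/req?lat=44.4268&lon=26.1025&aid=9f1c2d3e4a5b6c7d", ""),
    ("POST", "http://api.example.org/login", "email=user%40example.com&password=hunter2"),
    ("POST", "https://ads.example.net/req", "lat=44.4268&lon=26.1025&msisdn=%2B40700000000"),
    ("GET", "http://cdn.example.com/banner.png?w=320&h=50", ""),
]

# Value-based detectors, so a renamed parameter is still caught.
DETECTORS = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$"),
    "phone": re.compile(r"^\+?\d{9,15}$"),
    "device_id": re.compile(r"^[0-9a-fA-F]{16}$"),  # ANDROID_ID-style 64-bit hex
}
COORD = re.compile(r"^-?\d{1,3}\.\d{3,}$")
LAT_KEYS, LON_KEYS = {"lat", "latitude"}, {"lon", "lng", "long", "longitude"}
PASSWORD_KEYS = {"password", "passwd", "pwd", "pass"}

def classify(params):
    """Return the set of sensitive data kinds present in (key, value) pairs."""
    kinds, keys = set(), {}
    for key, value in params:
        keys[key.lower()] = value
        for kind, pattern in DETECTORS.items():
            if pattern.match(value):
                kinds.add(kind)
        if key.lower() in PASSWORD_KEYS and value:
            kinds.add("password")
    has_lat = any(COORD.match(keys[k]) for k in LAT_KEYS & keys.keys())
    has_lon = any(COORD.match(keys[k]) for k in LON_KEYS & keys.keys())
    if has_lat and has_lon:
        kinds.add("location")
    return kinds

def audit(capture):
    """List (host, transport, sorted kinds) for each request carrying user data."""
    findings = []
    for _method, url, body in capture:
        parts = urlsplit(url)
        params = parse_qsl(parts.query) + parse_qsl(body)
        kinds = classify(params)
        if kinds:
            transport = "cleartext" if parts.scheme == "http" else "tls"
            findings.append((parts.hostname, transport, sorted(kinds)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CAPTURE), sep="\n")
```

Findings marked `cleartext` are the ones readable by anyone monitoring the access point; findings marked `tls` are still data flows to a third party and worth reviewing against what the app needs.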
An old proverb has it that if you’re not paying for it, then you are the product being sold. The free application ecosystem is actually free for the user, but is heavily monetized by the developer. Succinctly put, the application becomes free only after the user has paid for it with his or her privacy. And the situation is even worse, as paying for an application neither stops the private information flow, nor brings back the information already stored on file. More than that, information collection takes place without the user even being aware of what they agree to during installation.
The ad-supported model has been around since the emergence of the Internet and dramatically contributed to the expansion of the Web as we know it. Sources all over the world have signed up for advertising programs that pay for traffic and allow content to be distributed for free to the user.