Until Android Q - FTC PDF says some Android apps harvest location data from PHOTOs & WIFI ...

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Researchers found at least 1,325 Android apps (of 88,000 tested apps) still  
harvest data even after you explicitly deny permissions.
<https://www.ftc.gov/system/files/documents/public_events/1415032/privacycon2019_serge_egelman.pdf

The apps gather information such as location, even after owners explicitly  
say no.  


<https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions/

Information obtained includes geolocation & phone identifiers.

Researchers told the FTC:
"If app developers can just circumvent the system, then asking consumers  
for permission is relatively meaningless."

The 1,325 apps that violated permissions on Android used workarounds hidden  
in its code that would take personal data from sources like Wi-Fi network  
and router MAC address connections and location metadata stored in photos.  

For example, Researchers found that Shutterfly, a photo-editing app, had  
been gathering GPS coordinates from photos and sending that data to its own  
servers, even when users declined to give the app permission to access  
location data.  

Android Q will address the issue by hiding location information in photos  
from apps and requiring any apps that access Wi-Fi to also have permission  
for location data.

However, 13 apps of the 88,000 tested, were relying on other apps that were  
granted permission to look at personal data, piggybacking off their access  
to gather phone identifiers like your IMEI number. These apps would read  
through unprotected files on a device's SD card and harvest data they  
didn't have permission to access. So if you let other apps access personal  
data, and they stored it in a folder on the SD card, these spying apps  
would be able to take that information. 153 apps had this capability.

Site Timeline