If you explicitly state that you do not give permission to use your location in an app, then you assume that the app does not actually use your location. Yet this appears to be the case with more than 1000 Android applications. Research by the International Computer Science Institute shows that. The ICSI found around 1325 apps that collected data from devices that users had explicitly said no to.
Approximately 88,000 apps were investigated for the study, 1325 of which managed to obtain information about the user in a devious manner. The apps received this information through Wi-Fi locations and metadata, among other things, stored in photos. Principal investigator Serge Egelman indicates that consumers have few options to protect their privacy. Egelman: “If app developers can evade the system, asking consumers permission is pretty pointless.”
SD cards & WiFi locations
Some apps received their information by hitchhiking on other apps that did have access to information, which allowed them, for example, to retrieve phone serial numbers. The apps read through unprotected documents on the SD card in the phone and thus arrived at the information for which they had actually not been authorized.
Other apps obtained their information through the connection to a WiFi network and the MAC address of the router. They could find these, for example, through apps that act as remote controls, apps that don’t need location information to function.
Google was already informed of the problems by the researchers in September last year but does not immediately have a solution. That solution will come later this year when Android Q is launched. The update addresses the issue by hiding location data in photos of apps that require access to WiFi, for location data, according to Google.
Curious about exactly which Apps are guilty of sneaky espionage? in August the investigation team will publish a complete list of all offenders.