Android gives developers a set of APIs to communicate with the operating system. This is the simplest way of obtaining data and providing information between these two elements.
These APIs are supposed to be secure and can only be used at specific times. The truth is that a flaw has now been discovered that could compromise the privacy of any user and their smartphone.
API issues that Google created
Android APIs are an integral and important part of this operating system. They are essential for the interconnection between apps and the system, ensuring a simple way for programmers to interact with the system. A paper revealed recently it has come to the public with a reality that is abnormal and that needs to be addressed.
One of these Android APIs provides apps and developers with detailed information about installed applications. The data that can be collected ranges from the name of the app, the date of installation and even when it was last used.
With all this data, it is easy to create a user profile and obtain information about your preferences. This is useful information for any advertising system, which then addresses it to the treated and prepared user.
Any app has access to sensitive information
This problem is even greater, as this data can be obtained without the programmer having knowledge. You just need to use a set of libraries from external entities, many created to display advertising, so that they are committed.
To make matters worse, all of these calls and data retrieval are done silently. Apps or libraries collect data and send it discreetly to remote servers. Users are limited because they cannot block those accesses either.
The study carried out focused on a wide range of apps, commercial and free, to try to understand the scope of this problem. Of the 22,228 installed apps, more than 4 thousand had calls to these APIs present and collected data.
Android needs to fix these silent permissions
Of these, the vast majority used third-party libraries, which made calls to these APIs silently. There was also a general lack of knowledge on the part of the programmers that their apps made this collection, even for third parties.
This being a limited universe of apps, it is easy to understand that this can be a widespread policy in apps and developers. There will therefore be millions of apps with this behavior in the Play Store, collecting data from users.
Google is expected to soon change the rules for accessing these particular APIs. Initially created to detect conflicts and problems, they have, however, become the simplest, fastest and quietest way to obtain data from users.