The Android unrestricted application market, being of open source nature, has made it a popular platform for third-party applications reaching millions of smart devices in the world. This tremendous increase in applications with an extensive API that includes access to phone hardware, settings, and user data raises concerns regarding users privacy, as the information collected from the apps could be used for profiling purposes. In this respect, this paper focuses on the geolocation data and analyses five GPS applications to identify the privacy risks if no appropriate safeguards are present. Our results show that GPS navigation apps have access to several types of device data, while they may allow for personal data leakage towards third parties such as library providers or tracking services without providing adequate or precise information to the users. Moreover, as they are using third-party libraries, they suffer from the intra-library collusion issue, that could be exploited from advertising and analytics companies through apps and gather large amount of personal information without the explicit consent of the user.
翻译:开放源码的安道尔无限制应用市场是开放源码的,它已成为全世界数百万智能装置的第三方应用的流行平台。 拥有广泛的API(包括使用电话硬件、设置和用户数据)的应用大量增加引起了对用户隐私的关切,因为从应用程序收集的信息可用于特征分析目的。在这方面,本文件侧重于地理定位数据,分析五种全球定位系统应用,以便在没有适当保障措施的情况下确定隐私风险。我们的结果显示,全球定位系统导航应用程序可以访问几种类型的设备数据,而允许个人数据渗漏到第三方,例如图书馆提供者或跟踪服务,而没有向用户提供充分或准确的信息。此外,由于它们使用第三方图书馆,它们受到图书馆内部串通问题的影响,因此可以通过应用程序和分析性公司利用这些应用程序,并在未经用户明确同意的情况下收集大量个人信息。