Android is great but while on a little break, I read a really great great piece of work that just reminded me that all the flexibility and power Android has means you have to be aware of those who are constantly trying to abuse it and this is especially true of Android permissions in your apps.
Location is a valuable piece of information that all smartphones are capable of tracking and storing, and knowing where you are and where you’ve been is also data that you should be aware of as well as having a choice on whether you give it up to 3rd parties or not. Add to this businesses who leak tracking data about their users or customers can be at risk of legal action if not correctly handled. So location is a big deal when it comes to controlling that data and apps that can secretly steal it need to be examined and this is why we now have a deep android permissions engine giving users the power to monitor and edit their app settings.
The white paper shows how a team managed to create an app that could gain access to various sensors including the accelerator, gyroscope and compass and then use that data to infer where a user is without asking for any app permissions at all. The way this worked was instead of actually asking the device for it’s “location”, the algorithm used instead worked out from various other pieces of movement sensors roughly where the device was instead from a known point. The results were scarily accurate though and probably enough to work out where the device was. It’s kind of like being in the boot of a car and understanding from bumps, sounds and the way the car moves where you might be.
Here at Raptor we use all kinds of apps to check a devices sensor list and if you install one of these onto a top phone like say a Samsung galaxy s7 then you might be surprised at the long list of sensors that the phone has and is constantly getting data from. In fact even we have to look up what they do from time to time!!
So the moral of this story? I think the moral I was getting at here was that we go on a lot about mobile devices here, Android, sensors etc etc and we as lovely nice people only ever wonder at how great all the things you can do are. However we need to remember that in the real world there are a lot of people and businesses who are intent on stealing data or abusing great technology and we all have to be careful of that, more now than ever before.
If in doubt, just come and work with us as we’ll make sure your data and your business is secure.