Your Android Apps Are (Probably) Not Snooping on You, a New Study Says

July 3, 2018, 11:02 PM UTC
IFA 2015 Consumer Electronics And Appliances Trade Fair
BERLIN, GERMANY - SEPTEMBER 04: Visitors try out the Honor 7 smartphone at the Huawei stand at the 2015 IFA consumer electronics and appliances trade fair on September 4, 2015 in Berlin, Germany. The 2015 IFA will be open to the public from September 4-9. (Photo by Sean Gallup/Getty Images)
Photo by Sean Gallup—Getty Images

Most people download apps on their phones without much thought to the ways their texts, photos, and voice calls might be shared. This has given rise to conspiracy theories that apps are often spying on us without our knowledge or consent.

A new study performed by researchers at Northeastern University with some help from UC Santa Barbara offers reassuring evidence that most smartphone apps aren’t stealthily snooping on the people who use them. But those that do — look out.

“From a set of 17,260 apps, we uncovered few instances of covert recording (i.e. apps taking pictures or videos without users intentionally doing so),” the study authors wrote.

“On the one hand, this is good news: a very large fraction of apps are not abusing the ability to record media,” the study said. “On the other hand, it could also indicate that our analysis missed other cases of media leaks.”

The study, which was first reported by Gizmodo, only focused on Android apps, while future research will look at iOS app permissions as well as mobile-app interactions with Internet-of-things devices.

“Taken together, our study reveals several alarming privacy risks in the Android app ecosystem,” the study said. For instance, food delivery app GoPuff and mobile beta-testing platform TestFairy were singled out as leaking video or screenshots, although it was unclear whether the leaks were inadvertent or nefarious.

Other sub-par practices noted by the researchers included photo-editing apps that processed images in the cloud without notifying users about it in privacy policies and apps that request permissions that they didn’t use, opening the door to third-party code that could exploit the generous permissions.

All that said, the authors cautioned that more work needs to be done to make the paper’s conclusion more definitive.