Android App Developers Can Access the List of Apps Installed on a User’s Device

Researchers have discovered a huge privacy risk in Android. They found that Android apps use Google’s IAMs (Installed Application Methods) to get a list of the other apps installed on a user’s device.

IAMs are a set of Android OS API calls (basic code within Android) that enable developers to get specific data about the other apps on a user’s device, in order to check for incompatibilities or to improve their applications by tweaking some features.

The research found that some Android apps misuse these API calls, gathering a list of users’ installed apps to sell to advertisers. By analyzing the other apps installed on a user’s smartphone, an advertiser can infer a lot of information, such as the user’s gender, religious beliefs, the languages he/she speaks, or age group. This poses a huge privacy risk for Android users.

The research was conducted by four academics from Italy, the Netherlands and Switzerland. The researchers analyzed the code of thousands of popular Android apps and looked for IAM API calls. They took exactly 14,342 Android apps from the top categories of the Play Store and another set of 7,886 apps whose source code was published online.

The analysis found that over 4,214 of the 14,342 apps use IAM calls within their code. This makes it over 30% of the top apps. Among the apps whose source code was already published online, only 2.89% use these API calls.

The worst part is that users cannot protect themselves from this privacy risk, because IAM-based fingerprinting relies on “silent methods”. This essentially means that apps using these API calls do not need your permission to run the code on your device. Sometimes, IAM calls are even executed without the developers’ knowledge.
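For developers who want to audit their own builds, the following added example (not code from the research paper or from this article) sketches the kind of static check described above: it scans disassembled smali for IAM calls and attributes each one to the app's own package or to other bundled code. It assumes IAMs correspond to `PackageManager.getInstalledApplications` and `getInstalledPackages`, which the article does not name; the function name, package names and sample classes are constructed for illustration.

```python
import re
from collections import defaultdict

# PackageManager methods that return the full installed-app list. Both are real
# Android APIs; the article does not name them, so this choice is an assumption.
IAM_METHODS = ("getInstalledApplications", "getInstalledPackages")

CLASS_RE = re.compile(r"^\.class\s+(?:[\w-]+\s+)*L([\w/$]+);", re.M)
METHOD_RE = re.compile(r"^\.method\s+.*?([\w$<>]+)\(")
CALL_RE = re.compile(
    r"invoke-[\w/]+\s+\{[^}]*\},\s*Landroid/content/pm/PackageManager;->(%s)\("
    % "|".join(IAM_METHODS))


def find_iam_calls(smali_files, app_package):
    """Map "app" / "third_party" to lists of (class, method, IAM) call sites.

    smali_files: {path: smali text} from a disassembled APK. Callers outside
    app_package are treated as bundled third-party code (a heuristic).
    """
    prefix = app_package.replace(".", "/") + "/"
    hits = defaultdict(list)
    for text in smali_files.values():
        cls = CLASS_RE.search(text)
        if not cls:
            continue  # no .class directive, so the call cannot be attributed
        owner, current = cls.group(1), None
        for line in map(str.strip, text.splitlines()):
            method = METHOD_RE.match(line)
            if method:
                current = method.group(1)
            call = CALL_RE.search(line)
            if call:
                bucket = "app" if owner.startswith(prefix) else "third_party"
                hits[bucket].append((owner.replace("/", "."), current, call.group(1)))
    return dict(hits)


# Constructed sample: two smali classes from a hypothetical app "com.example.notes".
SAMPLE = {
    "smali/com/example/notes/MainActivity.smali": """.class public Lcom/example/notes/MainActivity;
.method protected onCreate(Landroid/os/Bundle;)V
    const-string v0, "getInstalledPackages is never called here"
.end method""",
    "smali/com/adsdk/Profiler.smali": """.class public final Lcom/adsdk/Profiler;
.method private collect(Landroid/content/Context;)V
    invoke-virtual {v0, v1}, Landroid/content/pm/PackageManager;->getInstalledPackages(I)Ljava/util/List;
.end method""",
}
```

Calling `find_iam_calls(SAMPLE, "com.example.notes")` reports the single call site under `third_party`; the string constant that merely mentions the method name is not counted, because only `invoke-*` instructions are matched.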

The research paper, “Leave my Apps Alone! A Study on how Android Developers Access Installed Apps on Users’ Device”, will be presented by the researchers at MOBILESoft 2020 in South Korea. You can check out the report for an in-depth view of the topic.
