Is it paranoia if they’re actually out to get you? According to a year-long study, thousands of Android apps could be secretly recording your interactions with your phone’s screen and sending that information to analytics companies to improve the ads sent your way.
For years, people have been concerned that their phones have been physically watching them and eavesdropping on their conversations, and much has changed to stop that from happening. However, the idea that software would watch your phone’s screen and actions hasn’t been as big of a deal, but that could be about to change: one study of 17,260 apps revealed that a number of them were secretly recording user behavior and habits and sending that data on to other companies. Those companies would then use the data to alter and refine their advertising profiles, leading to those oddly specific ads for items similar to those you’d been looking at a few hours earlier.
It’s important to note that none of the tested apps — which included apps from the Google Play Store, App China, Mi.com, and Anzhi — attempted to access the device’s microphone or send audio files. Instead, the testing program noted that multiple apps would share screen recordings with third parties. With that said, it’s also important to realize the limitations of the testing software. The software was set up to monitor files sent by apps, and did not possess the capabilities to create user accounts and passwords — essentially limiting the portions of an app it could test. The research team has also admitted that the test doesn’t prove that physical eavesdropping isn’t also taking place — it just proves the test wasn’t able to detect any instances of it happening.
That means information sent by a food delivery app, GoPuff, to analytics company AppSee included more sensitive user data — in this case, the zip codes of users. While this is apparently against AppSee’s terms of service, and personal data can be blocked by client apps, it’s not difficult to see how this sort of screen recording could be used to garner even more sensitive user data. In the overwhelming majority of cases, password entries are shown for a second before being replaced by an asterisk — and morally bankrupt individuals could use this same technique to harvest user passwords on a huge scale. Worryingly, the study states that these risks seem inherent in Android’s software, and highlights the lack of any user oversight, with no permissions needed and no warning taking place during the screen-capturing process.