Ever noticed that so many apps need access to your contact lists, browser history, location, and other personal data? As part of a fight back against this data-gobbling trend, a Bulgarian software developer has rewritten the Android operating system so that it gives apps bogus data.
Under the radical rebuild of the mobile operating system, you still click to grant apps permission to access your data, but the apps don’t get the real stuff. For bookmarks, it provides default ones that came with the device (such as www.google.com). For logs—which can store all sorts of data—and phone contacts, it simply returns empty ones.
“I don’t like applications accessing my location or phone book,” says the developer, Plamen Kosseff, who by day writes code for a software company, ProSyst, in Sofia, Bulgaria. “Why should they be accessing my phone book to see data I have from other people?”
Kosseff’s custom OS is part of a research trend toward giving users more control over how apps deal with their personal data in the wake of major leaks and revelations such as last year’s Carrier IQ controversy, in which an obscure piece of network-diagnostic software on 141 million phones was revealed to have the ability to transmit personal information.
On Thursday, NQ Mobile, a mobile security firm, formally released its mobile vault app, which provides a password-protected, encrypted part of your phone for storing sensitive data. Apps can access only the devices’ default contact list, for example, not the one you’ve put in the “vault.”
Xuxian Jiang, a security researcher at North Carolina State University, and colleagues are working on an application, still in the research stages, that’s a little more nuanced than Kosseff’s. Called “taming information-stealing smartphone applications,” or TISSA, it gives users more control over the information apps can access.