Skip to Content
Computing

Android App Warns When You’re Being Watched

Researchers find a way to give Android users prominent warnings when apps are tracking their location.
January 30, 2014

A new app notifies people when an Android smartphone app is tracking their location, something not previously possible without modifying the operating system on a device, a practice known as “rooting.”

The new technology comes amid new revelations that the National Security Agency seeks to gather personal data from smartphone apps (see “How App Developers Leave the Door Open to NSA Surveillance”). But it may also help ordinary people better grasp the extent to which apps collect and share their personal information. Even games and dictionary apps routinely track location, as collected from a phone’s GPS or global positioning system sensors.

Existing Android interfaces do include a tiny icon showing when location information is being accessed, but few people notice or understand what it means, according to a field study done as part of a new research project led by Janne Lindqvist, an assistant professor at Rutgers University. Lindqvist’s group created an app that puts a prominent banner across the top of the app saying, for example, “Your location is accessed by Dictionary.” The app is being readied for Google Play, the Android app store, within two months.

Lindqvist says Android phone users who used a prototype of his app were shocked to discover how frequently they were being tracked. “People were really surprised that some apps were accessing their location, or how often some apps were accessing their location,” he says.

According to one Pew Research survey, almost 20 percent of smartphone owners surveyed have tried to disconnect location information from their apps, and 70 percent wanted to know more about the location data collected by their smartphone.

The goal of the project, Lindqvist says, is to goad Google and app companies into providing more prominent disclosures, collecting less personal information, and allowing users to select which data they will allow the app to see. A research paper describing the app and the user study can be found here. It was recently accepted for an upcoming computer security conference.

In many cases, location information is used by advertisers to provide targeted ads. But information gained by apps often gets passed around widely to advertising companies (see “Mobile-Ad Firms Seek New Ways to Track You” and “Get Ready for Ads That Follow You from One Device to the Next”).

Google, which maintains the Android platform, has engineered it to block an app from gaining information about other apps. So Lindqvist’s team used an indirect method using a function within Android’s location application programming interface (API) that signals when any app requests location information. “People have previously done this with platform-level changes—meaning you would need to ‘root’ the phone,” says Lindqvist. “But nobody has used an app to do this.”

Google has flip-flopped on how much control it gives users over the information apps can access. In Android version 4.3, available since July of last year, users gained the ability to individually disable and enable apps’ “permissions” one by one, but then Google reversed course in December 2013, removing the feature in an update numbered 4.4.2, according to this finding from the Electronic Frontier Foundation.

The new app and study from Lindqvist’s team could help push Google back toward giving users more control. “Because we know how ubiquitous NSA surveillance is, this is one tool to make people aware,” he says.

The work adds to similar investigative work about Apple’s mobile operating system, iOS. Last year different academic researchers found that Apple wasn’t doing a good job stopping apps from harvesting the unique ID numbers of a device (see “Study Shows Many Apps Defy Apple’s Privacy Advice”). Those researchers released their own app, called ProtectMyPrivacy, that detects what data other apps on an iPhone try to access, notifies the owner, and makes a recommendation about what to do. However, that app requires users to first “jailbreak” or modify Apple’s operating system. Still, unlike Android, Apple allows users to individually control which categories of information an app can access.

“Telling people more about their privacy prominently and in an easy-to-understand manner, especially the location, is important,” says Yuvraj Agarwal, who led that research at the University of California, San Diego, and has since moved on to Carnegie Mellon University. Ultimately, though, Agarwal believes users must be able to take action on an app’s specific permissions. “If my choice is to delete Angry Birds or not, that’s not really a choice,” he says. 

Deep Dive

Computing

Inside the hunt for new physics at the world’s largest particle collider

The Large Hadron Collider hasn’t seen any new particles since the discovery of the Higgs boson in 2012. Here’s what researchers are trying to do about it.

Why China is betting big on chiplets

By connecting several less-advanced chips into one, Chinese companies could circumvent the sanctions set by the US government.

How Wi-Fi sensing became usable tech

After a decade of obscurity, the technology is being used to track people’s movements.

VR headsets can be hacked with an Inception-style attack

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.