A group of researchers from Pennsylvania State University, Duke University and Intel Labs have investigated the behaviour of smartphone applications. After looking at 30 popular Android apps, they found that two-thirds of the applications displayed 'suspicious handling' of sensitive data, with half the apps reporting users' locations to advertising servers without any apparent consent. In addition, seven applications transmitted the IMEI (serial number) of the phone without any clear consent.
The researchers used their own 'TaintDroid' software to monitor activity. Their findings will be presented at the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI’10) next week.
William Enck, a graduate student of computer science and engineering at Penn State – and co-leader of the study – said, "We were surprised by how many of the studied applications shared our information without our knowledge or consent. Often, smartphone applications have obvious user interface changes when they use information like your physical location. These cases usually occur in response to the user pressing a button with clear implications. The cases we found were suspicious because there was no obvious way for the user to know what happened or why."
[TaintDroid research website]