Your smartphones may be secretly talking, breaching security

New York: Do you use smartphone apps to organise lunch dates, make convenient online purchases or communicate the most intimate details of your existence? Beware, these apps may be secretly talking to each other and potentially breaching your security, researchers warn.

A study showed that applications on the android phones are able to talk to one another and trade information.

The biggest security risks were some of the least utilitarian — apps that pertained to personalisation of ringtones, widgets, and emojis, the researchers said.

“Researchers were aware that apps may talk to one another in some way, shape, or form,” said Gang Wang, assistant professor at Virginia Polytechnic Institute and State University, US.

But “this study shows undeniably with real-world evidence over and over again is that app behaviour, whether it is intentional or not, can pose a security breach depending on the kinds of apps you have on your phone”, Wang added.

The types of threats fall into two major categories, either a malware app that is specifically designed to launch a cyber-attack or apps that simply allow for collusion and privilege escalation.

In the latter category, it is not possible to quantify the intention of the developer, so collusion, while still a security breach, can in many cases be unintentional, the researchers said.

The findings were presented at the Association for Computing Machinery Asia Computer and Communications Security Conference in Dubai.

The team examined a whopping 110,150 apps over three years including 100,206 of Google Play’s most popular apps and 9,994 malware apps from Virus Share a private collection of malware app samples.

“Of the apps we studied, we found thousands of pairs of apps that could potentially leak sensitive phone or personal information and allow unauthorised apps to gain access to privileged data,” commented Daphne Yao, associate professor at Virginia Tech.

“We hope this study will be a source for the industry to consider re-examining their software development practices and incorporate safeguards on the front end,” Wang added.

IANS