A study was published this week that surveyed the potential for unwanted multimedia recordings in phones by Android apps. Having worked with 17,260 apps in all, this study group’s results might at first seem exceedingly thorough. In reality, though, given the number of apps the average person uses regularly (very few, that is), the results of this research show something disturbing, but not particularly common.
In the study we’re looking at today, this crew concluded that “several apps” in their study of 17-thousand+ “leak content recorded from the camera and the screen over the internet.” It is absolutely possible that you’ve downloaded one of these apps, and that your smartphone recorded you and sent video to a 3rd-party source. But it’s not likely.
Of the apps tested, 15,627 came from Google Play, 392 came from Mi.com, 468 came from AppChina, and 883 came from Anzhi. Of those, just 21 apps showed potential for app-generated network traffic sending media. Just 12 of those apps leaked media without the end-user’s permission.
ABOVE: Summary of detected media in app-generated network traffic. Of the 21 cases, we find 12 to be leaks (bolded in the first column): they are either unexpected media transmissions (noted in the last column) or sent in plaintext (bolded in the “Request Method” column), exposing potentially sensitive information to eavesdroppers.
Notice any names you recognize in the list above? This is a great example of a reason why avoiding 3rd-party app stores is a GREAT idea. Even if all 12 potentially malicious apps came from Google Play, the sample size is just 0.077-percent of the whole. That’s a pretty good job done by Google in this case – props where props are due. Now we see if Google destroys those apps that this study pointed out.
NOTE: Those users on iPhone, don’t worry – they’ll get to you soon. The research group that authored the study we’re looking at today acknowledged the fact that their first study is Android only. They’ve suggested that they’ll be investigating iOS apps next.
For more information on this study, have a peek at the paper “Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications.” This paper is available on Meddle through the Proceedings on Privacy Enhancing Technologies 2018; 18 (4):11-18. This paper was authored by researchers Elleen Pan, Jingjing Ren, Martina Lindorfer, Christo Wilson, and David Choffnes. Each of these researchers attended and worked on this research at Northeastern University, with the exception of Ms. Lindorfer, who hails from UC Santa Barbara.