Android App Devs Can Access Installed Apps on a User's Device

In an in-depth research report published recently, a huge privacy risk in Android was discovered past the researchers. It was constitute that Android apps utilize Google's IAMs (Installed Awarding Methods) to go a listing of other apps that are installed in a user's device.

Now, y'all must take a lot of questions now. Like, "What are IAMs?" Or "what can the developers do with the list of apps that I apply?". Well, let me enlighten you.

Initially, Google created the Installed Awarding Methods (IAMs), a set of Android OS API calls (basically codes within Android), to enable developers to go specific information about the other apps in a user's device to bank check for incompatibilities or improve their own applications past tweaking some features.

Withal, in the research, information technology was constitute that some of the Android apps make wrong use of these API calls and gather a listing of users' installed apps to sell it to advertisers. By analysing the other installed apps in a user'due south smartphone, an advertiser can become a lot of information like the user'due south gender, religious behavior, languages he/she speaks or the age grouping. So, this poses a huge privacy run a risk for Android users.

At present, the research was conducted by iv academics from Italy, Netherlands and Switzerland. In this process, the researchers analysed thousands of popular Android apps and their codes and looked for IAM API calls. They took exactly 14,342 Android apps from the top categories of the Play Store and another set of seven,886 apps whose source codes were published online.

Later analysing these apps, it was found that over iv,214 out of the 14,342 apps use the IAM calls within their code. This makes information technology over 30% of the acme apps. Now, for the ones whose source code were already published online, but ii.89% use the said API calls.

At present, the worst part of this is that users tin't even protect themselves from this privacy take a chance every bit IAM-based fingerprinting are "silent methods". This essentially means that the apps that use these API calls do not need your permission to run the codes in your device. Sometimes, IAM calls are even executed without the developers' knowledge.

The research paper, "Leave my Apps Lone! A Study on how Android Developers Access Installed Apps on Users' Device", will exist presented by the researchers at the MOBILESoft 2020 in South Korea. You can bank check out the study for an in-depth view on the topic.