If you explicitly inform an Android app, “No, you don’t have permission to track my phone,” you probably anticipate that it won’t have abilities that let it do that. However, researchers say that thousands of apps have discovered ways to cheat Android’s permissions system, phoning home your device’s distinctive identifier and enough data to doubtlessly reveal your location as well.
Even in case you say “no” to one app when it asks for permission to see those personally-identifying bits of data, it may not be sufficient: a second application with permissions you have not denied can share those bits with the other one or depart them in shared storage where another app potentially even a malicious one can read it. The two apps won’t appear related. However, researchers say that as a result of they’re built utilizing the same software development kits (SDK), they will access that data, and there’s proof that the SDK owners are receiving the data. It’s like a kid asking for dessert which gets informed “no” by one parent so that they ask the other parent.
In keeping with research introduced at PrivacyCon 2019, we are talking about applications from the likes of Samsung and Disney that have been downloaded hundreds of thousands of times. They use SDKs built by Chinese search giant Baidu and an analytics firm known as Salmonads that might pass your data from one app to another (and to their servers) by storing it locally in your phone first. Researchers noticed that some apps utilizing the Baidu SDK might be making an attempt to quietly obtain this data for their use.