英语巴士网

安卓应用会秘密追踪用户行踪

分类: 英语科普 

Three years ago, the Federal Trade Commission dimmed hopes for the Brightest Flashlight app for Android, slapping its developer with charges of consumer deception. Why? The app was transmitting users' locations and device IDs to third parties without telling the users or getting their permission. Permissions, though, are only a small part of the Android- app privacy story. 

New research from Northeastern's Guevara Noubir and colleagues shows that Android apps can be manipulated to reach inside your mobile phone to track your whereabouts and traffic patterns, all without your knowledge or consent.

The researchers know this because they built an Android app and tested it.

Their system uses an algorithm that inserts data from the phone's built- in sensors into graphs of the world's roads. The researchers applied the algorithm to various simulated and real roadtrips. For each trip, the system then generated the five most likely paths taken. The most recent results? A 50 percent chance that the actual path traveled was one of the five.

"For $25, anyone can put an app on Google Play, the store for Android apps," says Noubir, professor in the College of Computer and Information Science. "Some of them may be malicious--no one is screening them."

If an Android app wants to access sensitive user information, such as location,it must let the user know. But often permission for such access is buried in terms- of- use agreements--the small print that many users don't read--or comes up not when the app is downloaded but later, unbeknownst to the user, when access for that information kicks into gear.

Android apps present further privacy risks because they automatically have access to key sensors inside the phone that detect the device's location, movements, and orientation. Together these sensors can provide clues to everything from the route you take to work to whether you carry your phone in your pocket (the phone is relatively stable) or your purse (it swings).

"In our research we show that an app in fact does not need your GPS or Wi- Fi to track you," says Noubir. "Just using these sensors, which do not require permissions, we can infer where you live, where you have been, where you are going."

猜你喜欢

推荐栏目