Ready to jump onto your favorite app to check the upcoming Black Friday sales? Beware: many of them hold access to your location data, texts, contacts, and the audio recording function.
Researchers at a privacy organization Incogni analyzed 640 popular shopping apps from the Google Play Store, uncovering potential security issues.
As such, despite users commonly believing that ticking the “allow all permissions” button grants those rights only to the app they’ve downloaded, it’s not always the case. Two-thirds of shopping apps were found to share permissions with an average of 1.8 ad libraries, meaning that three companies on average get access to your data.
Ad libraries are advertisement kits incorporated by developers to show ads, allowing providers to make money while keeping the app free. According to researchers, the most common ad libraries are Google’s AdMob, AppsFlyer, and Adjust.
Although there is nothing uncommon about deploying ad libraries, granting them the same rights and permissions as the host app turns into a serious security issue. This is especially concerning since Android systems don’t differentiate between host app and ad library permission use.
On top of having access to the same rights, ad libraries might sometimes add additional permissions without the user’s or developer’s knowledge.
These ad libraries might contain malicious codes even if the apps themselves are legit. What is more, it’s very difficult for a user to figure out which networks serve ads on your apps, making the process even harder.
“In June 2016, an anti-malware company called Doctor Web revealed that 155 Google Play apps, with an estimated 2.8M+ collective downloads, had a Trojan called Android.Spy.305 embedded in their code. It was uncovered that the Trojan originated from an ad library the apps had used,” researchers explain.
While both paid and free apps include ad libraries, on average, free apps are twice more likely to use them – and they’re also downloaded 400 times more often. In turn, popular apps tend to use more ad libraries than less popular ones.
While all apps require permissions, some are surely more intrusive than others – and hold on to more of your data than necessary.
According to the findings, three in five analyzed apps have permission to access your storage. This means that on top of storing files on your device, apps can also take pictures and videos – and another 22.3% have additional permission to record audio.
Almost 50% of shopping apps request permission to access precise (GPS) location, 15.8% request permission to read your contacts, 8% want to make direct calls, 6.1% request access to calendar events plus confidential information, and 1.6% request permission to read your text messages.
In addition, giving account permission allows apps to find accounts on the device (16.7%), add or remove accounts from your device (4.4%), and use accounts on your device (9.4%).
“This information may have left you wondering why shopping apps need permissions like record my audio or read my text messages. We don’t have the answer to that, unfortunately,” researchers add.
The more popular the analyzed app was, the more likely it was to request more permissions, with the top-ranking shopping apps in the US asking for over 22% more permissions than average.
More from Cybernews:
Subscribe to our newsletter