© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Shopping apps are anything but harmless, researchers warn amid Black Friday

Ready to jump onto your favorite app to check the upcoming Black Friday sales? Beware: many of them hold access to your location data, texts, contacts, and the audio recording function.

Researchers at a privacy organization Incogni analyzed 640 popular shopping apps from the Google Play Store, uncovering potential security issues.

Ad libraries

As such, despite users commonly believing that ticking the “allow all permissions” button grants those rights only to the app they’ve downloaded, it’s not always the case. Two-thirds of shopping apps were found to share permissions with an average of 1.8 ad libraries, meaning that three companies on average get access to your data.

Ad libraries are advertisement kits incorporated by developers to show ads, allowing providers to make money while keeping the app free. According to researchers, the most common ad libraries are Google’s AdMob, AppsFlyer, and Adjust.

Although there is nothing uncommon about deploying ad libraries, granting them the same rights and permissions as the host app turns into a serious security issue. This is especially concerning since Android systems don’t differentiate between host app and ad library permission use.

On top of having access to the same rights, ad libraries might sometimes add additional permissions without the user’s or developer’s knowledge.

These ad libraries might contain malicious codes even if the apps themselves are legit. What is more, it’s very difficult for a user to figure out which networks serve ads on your apps, making the process even harder.

“In June 2016, an anti-malware company called Doctor Web revealed that 155 Google Play apps, with an estimated 2.8M+ collective downloads, had a Trojan called Android.Spy.305 embedded in their code. It was uncovered that the Trojan originated from an ad library the apps had used,” researchers explain.

While both paid and free apps include ad libraries, on average, free apps are twice more likely to use them – and they’re also downloaded 400 times more often. In turn, popular apps tend to use more ad libraries than less popular ones.

Endless permissions

While all apps require permissions, some are surely more intrusive than others – and hold on to more of your data than necessary.

According to the findings, three in five analyzed apps have permission to access your storage. This means that on top of storing files on your device, apps can also take pictures and videos – and another 22.3% have additional permission to record audio.

Almost 50% of shopping apps request permission to access precise (GPS) location, 15.8% request permission to read your contacts, 8% want to make direct calls, 6.1% request access to calendar events plus confidential information, and 1.6% request permission to read your text messages.

In addition, giving account permission allows apps to find accounts on the device (16.7%), add or remove accounts from your device (4.4%), and use accounts on your device (9.4%).

“This information may have left you wondering why shopping apps need permissions like record my audio or read my text messages. We don’t have the answer to that, unfortunately,” researchers add.

The more popular the analyzed app was, the more likely it was to request more permissions, with the top-ranking shopping apps in the US asking for over 22% more permissions than average.

More from Cybernews:

Database of nearly 500 million WhatsApp users’ mobile phones is up for sale

UK police leads Europol action against one stop spoofing shop

Black Basta behind aggressive US-based malware campaign

Amazon, Roblox, and Paypal users beware: crooks are after your payment data

US-funded Radio Free Asia agency reports summertime hack

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked