Fresh from concerns iOS apps are guilty of passing on personal data to third parties without permission, a report by Channel 4 News suggests the practice could be just as widespread on Android.

The programme claims analysis of code built in to many free apps available for Google's platform – carried out by MWR InfoSecurity - shows in-app ads are often given access to a device's contact list, location or camera without alerting the user in question.

Little is known as to how the data is then handled - ad network Mobclix cited as one of the firm's reportedly receiving the information - but a researcher at MWR claims users would be far more reluctant to download free releases for the platform if they knew such practices were commonplace.

A question of criminality

"We found that a lot of the free applications in the top 50 apps list are using advertising inside the applications, and that the permission that you grant to these applications is also granted to the advertiser," said the researcher.

"If users knew about this, I think they would be concerned about it. But at the moment I don't think they are aware of the situation and how widely their information can be used."

Brandishing the evidence, Channel 4 News sought the view of European Commission VP Viviane Reding, who claimed any apps involved in such practices are breaking European law.

"This really concerns me, and this is against the law because nobody has the right to get your personal data without you agreeing to this," said Reding.

"Maybe you want somebody to get this data and agree and it’s fine. You're an adult and you can do whatever you want. But normally you have no idea what others are doing with your data.

"They are spotting you, they are following you, they are getting information about your friends, about your whereabouts about your preferences.

"That is certainly not what you thought you bought into when you downloaded a free-of-charge app. That’s exactly what we have to change."

Repeat offender

Such concerns are, of course, nothing new.

Back in 2010, The Wall Street Journal claimed apps across both iOS and Android were transmitting data – such as a device's UDID – to third parties, though developers claimed the information was actually being legitimately forwarded on to associated social platforms, such as OpenFeint and Scoreloop.

A year later, mobile security firm AdaptiveMobile claimed six out of 10 iPhone owners were entirely unaware any forms of data – such as a user's location – were recorded, even by the developer behind the app in question.

"We are downloading more apps than ever before, but people are unaware that their location and other information can be harvested by applications," said VP of handset security at AdaptiveMobile Ciaran Bradley at the time.

"This is comparable to half of the population being unaware that they need to lock their front door. Whilst mobile operators do have a role to play to protect users, both need to step up and take responsibility."

Next steps

In response to the latest development, Google told Channel 4 News that it operates 'best practises for app makers to follow when it comes to user data', but the number of new titles submitted means it's impossible to screen apps before they make it on to Android Market.

Nonetheless, the fact the issue of user information has made headlines across the globe yet again will have businesses that aggregate user data of any kind – ad networks, or analytics platforms such as Flurry – looking on nervously, especially if  Reding moves to pursue the issue further within the EC.

You can see the Channel 4 News report in full below.



[source: Channel 4]