Many apps in these app stores are borderline spyware. Most users of these app stores don’t realize what these apps can do with the permissions they have. What’s important is education, and maybe a little shaming.
The solution is to make a database of all of these apps. Each app will be compared with the most similar apps and the minimum necessary permissions will be determined. For the most popular apps, a by-hand approach can be taken.
To determine which apps are actually spyware, Android emulators would download the apps with test e-mail addresses and contacts. If the e-mail addresses started getting spam mail, it would be clear who the culprit is. It should also be possible to sniff the traffic coming out of the app to see what's being sent back to the app's servers. If the app developer doesn't use encryption, it should be possible to do statistical analysis of the contents of the packets and see, under different emulated conditions, whether addresses, geo info, and other phone info are harvested.
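An added example (not from the original post) of the traffic check described above: seed each emulator run with unique canary values, then search the app's unencrypted outbound payloads for those values as-is and in common encodings. The canary values, hostnames, captured payloads and the list of encodings are all constructed assumptions.

```python
import base64
import hashlib
from urllib.parse import quote

# Constructed canary values, unique to one emulator run (assumption: one run per app).
CANARIES = {
    "email": "canary-run17@example.test",
    "contact_phone": "+15550100123",
    "geo": "48.8584,2.2945",
}

# Constructed plaintext payloads captured from that run: (destination host, bytes).
FLOWS = [
    ("ads.example.net", b"POST /c HTTP/1.1\r\n\r\nuid=9&e="
        + hashlib.md5(b"canary-run17@example.test").hexdigest().encode()),
    ("api.example.org", b"GET /w?loc=48.8584%2C2.2945 HTTP/1.1"),
    ("cdn.example.com", b"GET /img/logo.png HTTP/1.1"),
    ("sync.example.net", b'{"contacts":["+15550100123"]}'),
]

def variants(value):
    """Forms in which a seeded value may show up in a payload (an assumed, non-exhaustive list)."""
    raw = value.encode()
    return {
        "plain": raw,
        "url-encoded": quote(value, safe="").encode(),
        "base64": base64.b64encode(raw),  # matches only if the value was encoded on its own
        "md5-hex": hashlib.md5(raw).hexdigest().encode(),
        "sha256-hex": hashlib.sha256(raw).hexdigest().encode(),
    }

def find_leaks(canaries, flows):
    """Return sorted (host, canary label, encoding) for each seeded value seen leaving the device."""
    hits = set()
    for label, value in canaries.items():
        for enc, needle in variants(value).items():
            for host, payload in flows:
                # Base64 is case-sensitive; every other form is compared case-insensitively.
                if enc == "base64":
                    found = needle in payload
                else:
                    found = needle.lower() in payload.lower()
                if found:
                    hits.add((host, label, enc))
    return sorted(hits)

if __name__ == "__main__":
    for host, label, enc in find_leaks(CANARIES, FLOWS):
        print(f"{host}: received {label} ({enc})")
```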
Though I’m mostly focused on how to find the bad apples, the good ones are also important. For every app category that has competition, the apps that don’t ask for unnecessary permissions would be offered as alternatives to the possibly more popular but scammy apps.