Android apps can be manipulated to access built-in sensors in phones and track your whereabouts and traffic patterns without your knowledge, a study has warned.
Researchers from Northeastern University built an Android app and used an algorithm that inserts data from the phone’s built-in sensors into graphs of the world’s roads. Then they applied the algorithm to various simulated and real road trips.
For each trip, the system then generated the five most likely paths taken. The results showed there was 50% chance that the actual path taken was one of the five. For $25, anyone can put an app on Google Play. Some of them may be malicious -no one is screening them.
If an Android app wants to access sensitive user information, it must let the user know. However, permission for such access is buried in terms-of-use agreements or comes up after the app is downloaded. An app in fact does not need your GPS or Wi-Fi to track you. He advised that the problem can be tackled by ensuring that apps do not run in the background when not in use.