A Case Study of Intra-library Privacy Issues on Android GPS Navigation Apps
Stylianos Monogios, Konstantinos Limniotis, Nicholas Kolokotronis, Stavros Shiaeles
The Android unrestricted application market, being of open source nature, has
made it a popular platform for third-party applications reaching millions of
smart devices in the world. This tremendous increase in applications with an
extensive API that includes access to phone hardware, settings, and user data
raises concerns regarding users privacy, as the information collected from the
apps could be used for profiling purposes. In this respect, this paper focuses
on the geolocation data and analyses five GPS applications to identify the
privacy risks if no appropriate safeguards are present. Our results show that
GPS navigation apps have access to several types of device data, while they may
allow for personal data leakage towards third parties such as library providers
or tracking services without providing adequate or precise information to the
users. Moreover, as they are using third-party libraries, they suffer from the
intra-library collusion issue, that could be exploited from advertising and
analytics companies through apps and gather large amount of personal
information without the explicit consent of the user.