As it turns out, your Android apps are pairing together to share your data without asking for your permission first. Researchers from Virginia Tech developed a tool called DIALDroid to monitor exchanges of data between Android apps over the last three years, and what they've found is quite alarming.
The team at the Department of Computer Science at Virginia Tech's College of Engineering analyzed 110,150 apps and found that apps sometimes mine information from each other without bothering to ask for permission first.
Gang Wang, a member of the team at Virginia Tech, noted in a statement to New Scientist that "Apps that don't have a good reason to ask for extra permissions sometimes don't bother. Instead, they manage to get information through other apps."
This puts a user's security and privacy at great risk. The Google Play Store screens all apps for viruses and other issues before listing them online, although, as New Scientist points out, these apps are screened only individually, and what happens after a user downloads the app is the problem.
Out of the 100,206 most downloaded apps on the Google Play Store, the research team found that 23,495 were secretly colluding with each other. According to Associate Professor Daphne Yao, in a statement at the Association for Computing Machinery Asia Computer and Communications Security Conference in Dubai, the apps that were sharing information between each other were sharing data that would "allow unauthorized apps to gain access to privileged data."
Of course, some of these apps could be sharing data unintentionally, but this also puts your data at greater risk of being exploited. The team found it possible that "thousands of pairs of apps could potentially leak" sensitive information to third-party apps.
Yao, at the conference, went on to note the risks associated with Android app behavior:
"What this study shows undeniably with real-world evidence over and over again is that app behavior, whether it is intentional or not, can pose a security breach depending on the kinds of apps you have on your phone."
The apps that were in cahoots with each other were the ones you would think to be the most innocent. An emoji app, for instance, could be the app that is currently wreaking havoc with your data and creating the most mischief.
The team found that the information was passed around quite "recklessly," but that collusion between apps "is still quite low." For now, at least.
As more vulnerabilities between apps and a user's information become better known, a developer creating malware that exploits your data is a near possibility and, well, not unheard of. Your data, your sensitive information, all of it, has the chance to be shared and sold without your permission, unless you put a stop to it first.
It's always recommended to study the permissions of your apps before downloading an application that could ultimately use your data against you. Also, feel free to use DIALDroid to monitor the exchanges of data between any of your current Android apps and take the steps needed to stop the free sharing of your information without your permission. The DIALDroid program is open source and is available on GitHub for you to check out and use.