beebom T:~# posts/android-app-developers-can-access-installed-apps-on-a-users-device/

Android App Developers Can Access Installed Apps on a User’s Device

Mar. 30, 2020

In an in-depth research report published recently, a huge privacy risk in Android was discovered by the researchers. It was found that Android apps use Google’s IAMs (Installed Application Methods) to get a list of other apps that are installed in a user’s device.

Now, you must have a lot of questions now. Like, “What are IAMs?” Or “what can the developers do with the list of apps that I use?”. Well, let me enlighten you.

Initially, Google created the Installed Application Methods (IAMs), a set of Android OS API calls (basically codes within Android), to enable developers to get specific data about the other apps in a user’s device to check for incompatibilities or improve their own applications by tweaking some features.

However, in the research, it was found thatsome of the Android apps make wrong use of these API calls and gather a list of users’ installed apps to sell it to advertisers. By analysing the other installed apps in a user’s smartphone, an advertiser can get a lot of information like the user’s gender, religious beliefs, languages he/she speaks or the age group. So, this poses a huge privacy risk for Android users.

Now, the research was conducted by four academics from Italy, Netherlands and Switzerland. In this process, the researchers analysed thousands of popular Android apps and their codes and looked for IAM API calls. They took exactly 14,342 Android apps from the top categories of the Play Store and another set of 7,886 apps whose source codes were published online.

After analysing these apps, it was found thatover 4,214 out of the 14,342 apps use the IAM calls within their code. This makes it over 30% of the top apps. Now, for the ones whose source code were already published online, only 2.89% use the said API calls.

Now, the worst part of this is thatusers can’t even protect themselves from this privacy risk as IAM-based fingerprinting are “silent methods”. This essentially means that the apps that use these API calls do not need your permission to run the codes in your device. Sometimes, IAM calls are even executed without the developers’ knowledge.

Bringing the latest in technology, gaming, and entertainment is our superhero team of staff writers. They have a keen eye for latest stories, happenings, and even memes for tech enthusiasts.