A Case Study of Intra-library Privacy Issues on Android GPS Navigation Apps
This highlights privacy risks for Android users due to data leakage and collusion in GPS apps, though it is an incremental study focusing on specific apps.
The study analyzed five Android GPS navigation apps and found they access multiple device data types and may leak personal data to third parties like library providers or tracking services without adequate user information, with intra-library collusion enabling unauthorized data gathering.
The Android unrestricted application market, being of open source nature, has made it a popular platform for third-party applications reaching millions of smart devices in the world. This tremendous increase in applications with an extensive API that includes access to phone hardware, settings, and user data raises concerns regarding users privacy, as the information collected from the apps could be used for profiling purposes. In this respect, this paper focuses on the geolocation data and analyses five GPS applications to identify the privacy risks if no appropriate safeguards are present. Our results show that GPS navigation apps have access to several types of device data, while they may allow for personal data leakage towards third parties such as library providers or tracking services without providing adequate or precise information to the users. Moreover, as they are using third-party libraries, they suffer from the intra-library collusion issue, that could be exploited from advertising and analytics companies through apps and gather large amount of personal information without the explicit consent of the user.