|
|
此文章由 lingyang 原创或转贴,不代表本站立场和观点,版权归 oursteps.com.au 和作者 lingyang 所有!转贴必须注明作者、出处和本声明,并保持内容完整
在Android Market上排名前50位的免费Android应用泄漏用户数据,如联系人,日历和位置信息给广告商们,
The user permissions granted to certain apps are also passed on to advertisers via a mobile ad network, Channel 4 News said in a blog post on Sunday. The Channel 4 News research was undertaken by UK security company MWR InfoSecurity.
"We found that a lot of the free applications in the top 50 apps list are using advertising inside the applications, and that the permission that you grant to these applications is also granted to the advertiser," a representative of MWR InfoSecurity told Channel 4 News. "If users knew about this, I think they would be concerned about it. But at the moment I don't think they are aware of the situation and how widely their information can be used."
MWR InfoSecurity researchers told ZDNet UK on Monday that the apps involved were SoundHound Free by SoundHound Inc; Talking Tom 2 free, Talking Tom and Talkingpierre by outfit7; Fruit Ninja by Halfbrick; and Cartoon Camera by Fingersoft, and that the code used to grant advertiser access pointed to mobile advertising network MobClix.
"When an app wants an ad in the app, it needs to refer to a third party," MWR InfoSecurity security consultant Rob Miller told ZDNet UK. "That third party was MobClix."
Reverse engineering
The security company reverse-engineered a number of free Android apps to look at the source code, and found Java functions that gave advertisers access to personal information via MobClix.
"The apps talk to adverts they are hosting via JavaScript — the apps contain Java, which the the ads, containing JavaScript, can talk to," said Miller. "The app will open Java functions... interacting with calendar or contact details."
MobClix, part of the mobile marketing company Velti, had not responded to a request for comment at the time of writing.
Read this
Google aims for an Android in every pocket
Read more
European justice commissioner Viviane Reding, who is leading regulatory efforts to update European law, told Channel 4 News that users need to consent to sharing personal data.
"This really concerns me, and this is against the law because nobody has the right to get your personal data without you agreeing to this," said Reding. "They are spotting you, they are following you, they are getting information about your friends, about your whereabouts, about your preferences.
"That is certainly not what you thought you bought into when you downloaded a free-of-charge app. That's exactly what we have to change."
Miller told ZDNet UK that apps on Google's Android Market, which are screened by Android Bouncer for security issues, are not screened by Google for privacy issues.
"It's up to the user to read the permissions when installing the app," said Miller. "If you're not willing to divulge your information, don't install it."
http://www.zdnet.co.uk/news/secu ... vertisers-40095193/
[ 本帖最后由 lingyang 于 2012-3-6 11:31 编辑 ] |
|
冷咖啡 (2007-9-9) 半空中 
发表于 2012-3-6 10:30
