July 6, 2012
New Smartphone App Helps Maintain Privacy On Your Device
Lee Rannals for redOrbit.com - Your Universe Online
As the smartphone industry continues to grow, so does privacy concerns, but one new application might be putting an end to it.
Computer scientists from SaarbrÃ¼cken have developed the app "SRT AppGuard" to keep smartphone applications from stealing personal information.
"My smartphone knows everything about me, starting with my name, my phone number, my e-mail address, my interests, up to my current location," computer science professor Michael Backes said in a press release.
He said he is not surprised that several apps display simple functionality upfront, but in the background are detailing the location of a user, stealing contact details of friends, and send the identification number of the device out.
A study by a team from the University of California in Santa Barbara found that 21 percent of the 825 apps examined by the iPhone forwarded the ID number of the device , four percent sent out the location of the user, and 0.5 percent copied the address book.
Android devices are even considered worse offenders, because if a user wants to install a downloaded app, they must accept conditions like having access to rights of data, or the app will not be installed.
"Moreover, many developers generally claim all rights for their app because the concept of privileges of Android is misleading, but they want to ensure the smooth functioning of their app nevertheless," Philipp von Styp-Rekowsky, PhD student at the chair in IT security and cryptography, said in a press release.
So, the team created SRT AppGuard, which shows the user for each application installed on a smartphone what information it accesses.
The SaarbrÃ¼cken team uses the fact that the Android apps work in a virtual machine, which is written in the computer language Java. Apps are saved on the smartphone as executable "byte code" after installation, which is what allows SRT AppGuard to come into play.
While the suspicious app is running, SRT AppGuard is checking its byte code for the security-sensitive instructions. It adds a special control code in front of the suspect comment or procedure. This overwriting process just takes a few seconds, and a small number of lines of additional code.
The app doesn't just provide alerts for the user, but also is able to block suspicious requests, or change them so they cannot do any harm.
"Thus, we can also prevent the use of known security vulnerabilities of the respective apps or Android operating system," Backes said in the press release. "This possibility is very important if the manufacturer cannot provide security fixes in time."