Your smartphone can watch you if it wants to, study finds

Internet users have grown used to the idea that they can be tracked and profiled as they browse the web, but what about the specific risks of smartphones?

With an array of sensors, GPS, cameras, and microphones, if any device could be used to monitor a person’s life, surely it would be the smartphone.

According to a study conducted by researchers at Northeastern University in Boston – titled Panoptispy just to make its readers feel uneasy as they’re reading it – the truth of smartphone surveillance turns out to be a little more complicated.

The report looked at data from 17,260 Android apps from Google Play (plus Chinese app stores Ap-pChina,, and Anzh). The researchers then used an automated tool to identify a subset of at least 9,100 that might leak data after doing things like accessing the camera or microphone.

One cause for confusion is that even when an app developer has no interest in monitoring its users through media APIs, that doesn’t mean that third-party libraries embedded in those apps for advertising or other purposes don’t set out to do that. Plus, confusingly, apps can also request media permissions when they’re installed without ever using them, possibly because they needed this in older app versions, but developers never changed that setting.

Not to mention that:

The mapping between Android permissions and their associated API is surprisingly poorly documented, potentially leading to developer confusion.

From this you start to get some idea as to why this sort of detailed study into what our apps get up is tough to carry out – if the developers don’t even know what they’re asking for, working out how permissions and APIs are being abused becomes trickier.

The good news is that of the more than 17,000 apps analysed, in only “a few instances” were apps found to be recording video, images or sound covertly (that is unexpectedly and without the user being aware) and sending them back to the app’s maker or a third party.

Even apps that do this appear to do so out of a misplaced understanding of privacy rather than any maliciousness – for example a delivery app called GoPuff was discovered to be sending screen recordings in order to better understand how users were interacting with it.

Another included an API, TestFairy, that took 45 screenshots without permission, supposedly to aid beta testing not disclosed to anyone installing it.

Start typing and press Enter to search