New App To Fix Android's Privacy And Data-Security Holes Coming Soon

Android leak

Android phones have many good qualities, but privacy protection and personal data security aren't high on the list. Enter a new app that enables privacy mode.

Researchers at North Carolina State University tackled the emerging concerns about user-data privacy protection in Android smartphones. To combat leaking data, prevent apps from sharing data that users would prefer they didn't, and to prevent data loss if an app is maliciously searching for info, a team under Dr. Xuxian Jiang put together has created a new mode for Android devices that adds in a user-controlled privacy interface.

The system is called Taming Information-Stealing Smartphone Applications (TISSA), and its primary task is to install customizable privacy settings for the level of information that each app can access and/or share. The settings can be tweaked dynamically, and could be adjusted each time you run an app if you so choose. Essentially, it lets you switch between "trusted," "anonymized," "bogus," and "empty"--apps that are trusted are allowed free reign, apps that are anonymized are sent general information but barred from accessing "real" personal data, and "bogus" apps get sent fake data. The highest setting ,"empty," merely tells apps that request personal data that is does not exist or is unavailable.

Jiang has suggested the system could be customized, adding extra specialization options for particular types of personal data, and even for different applications, but for now it's a one-size-fits-all affair and the team is investigating how it could make its research available to Android users. The hands-on management the system requires even lines up pretty well with the way Android users have to manage their existing apps to ensure they don't use up too many system resources.

The question remains, of course, why Android doesn't have this kind of protection built in to the core OS. It's something that Apple's highly controlled iOS code includes, and has actually improved over time. Recent adjustments to iOS have even seen visual alerts that remind users an app is asking for personal information, like location, even though you can choose to share that data on a per-app basis. What iOS lacks is the "anonymized" or "bogus" setting equivalents to send misleading data to an app--but it's something Apple would be unlikely to sanction, because such data is used to drive advertising systems which earn developers money, and the money is one of the attractions of iOS as a platform. 

We can gain a little insight as to why Android needs a third party app like this from the recent pronouncements of Andy Rubin about fragmentation. According to Google's engineering exec, the platform doesn't need protection from fragmentation because the protocols already in place are good enough and the key to everything is openness. If we extrapolate this stance to privacy/protection matters, then it's basically in the hands of the users, the gods, and third-party developers who are trying to help.

[Image via Flickr user ptc24]

To read more news like this follow Kit Eaton himself and Fast Company on Twitter.

Add New Comment

0 Comments