Researchers create Android app to show when other apps track you

The app shows users when other apps are accessing their location

A team of researchers has developed an Android app to help people better understand when their location is being accessed, something that happens more often than people think.

"All apps that access location need to request permission from the Android platform," Janne Lindqvist, who led the research project, said via email. "The problem is that people don't pay attention to these default disclosures."

Android phones display a flashing GPS icon when apps are trying to access the user's location. But few people notice or understand what the icon is telling them, the researchers found.

The app they developed is designed to fix that, by making it clearer to users when other apps are accessing their location data. They tried several methods, including a message that flashes on the device's screen reading, "Your location is being accessed by [app name]."

There's no obvious way in Android for an app to monitor whether other apps are accessing location, the researchers said, but they discovered they could exploit a method in the Android Location API as "an effective side channel."

They're are in the process of readying their app for the Play Store. It doesn't have an official name yet, but the working title is the RutgersPrivacyApp. "I'm happy to hear suggestions for a better one," Lindqvist said.

They tested the app with a small group at Rutgers University in New Jersey. They said it was the first study to examine how people respond when apps tell them they're being tracked.

The issue of apps collecting data isn't new, and recent disclosures about government surveillance have shown that intelligence agencies might also be tracking data from apps. A recent report said mobile versions of Facebook, LinkedIn and Twitter were of interest to government spies.

Other research from Carnegie Mellon University in Pennsylvania has shown that seemingly harmless apps like Angry Birds and have gathered some surprising types of information about their users, like their location and device ID.

At Rugers, the researchers wanted to learn how disclosures about location affected users' attitudes towards apps. They tested the app on several Android devices, using a variety of apps including Firefox and Tunein Radio.

Participants said they were surprised at some of the apps that accessed their location, and that some apps accessed their location more frequently than they would have expected.

Lindqvist hopes to make Android users more aware of location tracking so they can make better decisions about their privacy. He would also like Google to provide better privacy controls and notices in Android.

He said he focussed on Android rather than Apple's iOS partly because the process of publishing an app in the Google Play Store is simpler, he said.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesGooglesecurityMobile OSesmobileIdentity fraud / theftinternetprivacymobile applicationsAndroid OS

More about AppleCarnegie Mellon University AustraliaFacebookGoogleIDGMellon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Zach Miners

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place