Android Apps Getting Personal Data Even When Users Explicitly Deny Them

Researchers from the International Computer Science Institute found up to 1,325 Android apps that were gathering data from devices even after people explicitly denied them permission. Serge Egelman, director of usable security and privacy research at the ICSI, presented the study in late June at the Federal Trade Commission's PrivacyCon.
The study looked at more than 88,000 apps from the Google Play store, tracking how data was transferred from the apps when they were denied permissions. The 1,325 apps that violated permissions on Android used workarounds hidden in their code that took personal data from sources like Wi-Fi connections and metadata stored in photos.
Researchers found that Shutterfly, a photo-editing app, had been gathering GPS coordinates from photos and sending that data to its own servers, even when users declined to give the app permission to access location data.
Most of the SDKs go to great lengths to obfuscate personal data to keep it secure. However, the same obfuscation technique is used by apps while transmitting sensitive data back to their servers, allowing that traffic to escape detection.
You must comply with applicable privacy laws around the world relating to the collection of data from children online. Be sure to review the Privacy section of these guidelines for more information. In addition, Kids Category apps may not send personally identifiable information or device information to third parties. Apps in the Kids Category should not include third-party analytics or third-party advertising. This provides a safer experience for kids. In limited cases, third-party analytics may be permitted provided that the services do not collect or transmit the IDFA or any identifiable information about children (such as name, date of birth, email address), their location, or their devices. This includes any device, network, or other information that could be used directly or combined with other information to identify users and their devices. Third-party contextual advertising may also be permitted in limited cases provided that the services have publicly documented practices and policies for Kids Category apps that include human review of ad creatives for age appropriateness.
Introduction to User Access Security

User access security refers to the collective procedures by which authorized users access a computer system and unauthorized users are kept from doing so. To make this distinction a little more realistic, however, understand that user access security limits even authorized users to those parts of the system that they are explicitly permitted to use (which, in turn, is based on their "need-to-know"). After all, there is no reason for someone in Staff Payroll to be given clearance to confidential student records.

A person with a "need-to-know" has been designated by school officials as having a legitimate educational or professional interest in accessing a record.

It Really Happens!

Kim approached Fred cautiously. As the security manager, she knew how important it was to gather information completely before jumping to conclusions. "Fred, my review of our computer logs shows that you have been logging in and looking at confidential student information. I couldn't understand why someone in Food Services would need to be browsing through individual student test scores, so I thought I'd come by and ask you."

Fred looked up at Kim as if he was surprised to be entertaining such a question. "Are you forgetting that I'm authorized to access student records?"

"You're authorized to access specific elements that relate to a student's free- and reduced-price lunch eligibility," Kim clarified. "That's the limit of your need-to-know."

"I didn't know that my access was limited," Fred asserted honestly. "I figured that if my password got me into a file, it was fair game."

Kim paused, realizing that it might be reasonable for Fred to have assumed that he was allowed to read a file if his password gave him access.
"Hmm, I see your point, Fred, but in truth you shouldn't be accessing student record information that isn't related to your legitimate educational duties. I'm not going to make a big deal of it this time, but from now on, limit your browsing to the free- and reduced-price lunch information. In the meantime, I'm going to send a memo out to staff reminding them what need-to-know really means."

"And you might want to reconsider how our password system works," Fred added. "It would have been very clear to me that I had no business in a file if my password wouldn't get me in."

An organization cannot monitor user activity unless that user grants implicit or explicit permission to do so!

While there is no question that an organization has the right to protect its computing and information resources through user access security activities, users (whether authorized or not) have rights as well. Reasonable efforts must be made to inform all users, even uninvited hackers, that the system is being monitored and that unauthorized activity will be punished and/or prosecuted as deemed appropriate. If such an effort is not made, the organization may actually be invading the privacy rights of its intruders!

An excellent way of properly informing users of monitoring activities is through the opening screen that is presented to them. By reading a warning like the one that follows, users explicitly accept both the conditions of monitoring and punishment when they proceed to the next screen. Thus, the first screen any user sees when logging into a secure computer system should be something to the following effect:

W A R N I N G !

This is a restricted network. Use of this network, its equipment, and resources is monitored at all times and requires explicit permission from the network administrator. If you do not have this permission in writing, you are violating the regulations of this network and can and will be prosecuted to the full extent of the law. By continuing into this system, you are acknowledging that you are aware of and agree to these terms.

Never include the word "Welcome" as a part of the log-in process--it can be argued that it implies that whoever is reading the word is, by definition, invited to access the system.

Commonly Asked Questions

Q. Is it possible to have a secure system if you have employees who telecommute or work otherwise non-traditional schedules?

A. Yes. While particular countermeasures might need to be adjusted to accommodate non-traditional schedules (e.g., the practice of limiting users to acceptable log-in times and locations), a system with telecommuters, frequent travelers, and other remote access users can still be secure. Doing so may require policy-makers to think more creatively, but each security guideline needs to be customized to meet the organization's needs anyway (see Chapter 2).

Q. Is the use of passwords an effective strategy for securing a system?

A. Just because password systems are the most prevalent authentication strategy currently being practiced doesn't mean that they have become any less effective. In fact, the reason for their popularity is precisely because they can be so useful in restricting system access. The major concern about password systems is not their technical integrity, but the degree to which (like many strategies) they rely upon proper implementation by users. While there are certainly more expensive and even more effective ways of restricting user access, if risk analysis determines that a password system meets organizational needs and is most cost-effective, you can feel confident about password protection as long as users are implementing the system properly--which, in turn, demands appropriate staff training (see Chapter 10).

Q. Are all of these precautions necessary if an organization trusts its staff?

A. Absolutely. While the vast majority of system users are probably trustworthy, it doesn't mean that they're above having occasional computing accidents.
After all, most system problems are the result of human mistake. By instituting security procedures, the organization protects not only the system and its information, but also each user who could at some point unintentionally damage a valued file. By knowing that "their" information is maintained in a secure fashion, employees will feel more comfortable and confident about their computing activities. Initiating security procedures also benefits users by:
Policy Issues

User access security demands that all persons (or systems) who engage network resources be required to identify themselves and prove that they are, in fact, who they claim to be. Users are subsequently limited to access to those files that they absolutely need to meet their job requirements, and no more. To accomplish this, decision-makers must establish policies regulating user account systems, user authentication practices, log-in procedures, physical security requirements, and remote access mechanisms.

As discussed more completely in Chapter 2, a threat is any action, actor, or event that contributes to risk.

User Access Threats (Examples)

Examples of user access threats include:

- Intentional acts (e.g., shared user accounts, hacking, and user spoofing or impersonating)
- Unintentional acts (e.g., delayed termination of inactive accounts, unprotected passwords, and mismanaged remote access equipment)

User Access Security Countermeasures

The following countermeasures address user access security concerns that could affect your site(s) and equipment. These strategies are recommended when risk assessment identifies or confirms the need to counter potential user access breaches in your security system. Countermeasures come in a variety of sizes, shapes, and levels of complexity. This document endeavors to describe a range of strategies that are potentially applicable to life in education organizations. In an effort to maintain this focus, those countermeasures that are unlikely to be applied in education organizations are not included here. If after your risk assessment, for example, your security team determines that your organization requires high-end countermeasures like retinal scanners or voice analyzers, you will need to refer to other security references and perhaps hire a reliable technical consultant. Select only those countermeasures that meet perceived needs as identified during risk assessment (Chapter 2) or support policy (Chapter 3).
Implement a Program in Which Every User Accesses the System by Means of an Individual Account:

- Limit user access to only those files they need to do their jobs: Providing access that is not needed greatly contributes to risk without a corresponding increase in benefit. Why bother?
- Avoid shared accounts: Individual activity cannot be differentiated unless there are individual accounts.
- Secure the user account name list: Because of its importance to system security, the user account list should be considered to be confidential and should never be made public. Give consideration to storing it as an encrypted file.
- Monitor account activities: Keep a record of all system use (many systems perform this function through an audit trail feature).
- Terminate dormant accounts after a pre-set period of inactivity (e.g., 30 days): Legitimate users can always reapply and reestablish their accounts.

See Chapter 9 for guidelines for authenticating messages transmitted over outside networks.

Countermeasures like biometrics are probably beyond the realm of possibility (and necessity) in most, if not all, education organizations.

Require Users to "Authenticate" Themselves in Order to Access Their Accounts (i.e., make sure that they prove that they are who they are representing themselves to be):

- Select an authentication system: The right choice for an authentication system depends on the needs of the organization and its system, and should be based on the findings of a risk assessment (see Chapter 2).
Note that the following options progress from least secure to most secure, as well as (not surprisingly) from least expensive to most expensive:

- Something the user knows (e.g., a password--see below)
- Something the user has (e.g., an electronic key card)
- Something the user is (e.g., biometrics--fingerprinting, voice recognition, and hand geometry)

There are tradeoffs associated with making passwords more difficult to remember than a pet's name or a person's initials (e.g., staff are more likely to write down password reminders). The costs and benefits of these tradeoffs should be considered in the organization's risk assessment (see Chapter 2).

Passwords
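The "monitor account activities", "avoid shared accounts" and "terminate dormant accounts" countermeasures above can be checked mechanically against an audit trail. The following is an added example, not code from the NCES guide: it runs a constructed login log through two checks, flagging accounts with no successful login in 30 days and accounts used from different hosts within a few minutes of each other (a common sign of account sharing). The log format, host names and the 10-minute window are assumptions.

```python
# Added example: audit a constructed login log against the guide's countermeasures.
# Assumed log format (one record per line): "<ISO timestamp> <user> <host> <result>".
from collections import defaultdict
from datetime import datetime, timedelta

DORMANT_DAYS = 30                       # pre-set inactivity period from the guide
SHARED_WINDOW = timedelta(minutes=10)   # assumption: two hosts this close apart look shared

# Constructed sample audit trail (not real data). "fred" appears from a Food
# Services host and a library host 82 seconds apart; "payroll_tmp" is stale.
SAMPLE_LOG = """\
2024-05-01T08:02:11 kim host-sec01 success
2024-05-01T08:05:40 fred host-food03 success
2024-05-01T08:07:02 fred host-lib07 success
2024-03-15T12:30:00 payroll_tmp host-pay02 success
2024-05-02T09:15:21 kim host-sec01 success
2024-05-02T09:16:00 guest host-lib01 failure
"""

def parse_log(text):
    """Turn log lines into (timestamp, user, host, result) tuples."""
    records = []
    for line in text.splitlines():
        ts, user, host, result = line.split()
        records.append((datetime.fromisoformat(ts), user, host, result))
    return records

def dormant_accounts(records, now, days=DORMANT_DAYS):
    """Accounts whose last successful login is older than `days`: candidates for termination."""
    last_seen = {}
    for ts, user, _, result in records:
        if result == "success":
            last_seen[user] = max(last_seen.get(user, ts), ts)
    return sorted(u for u, ts in last_seen.items() if now - ts > timedelta(days=days))

def suspected_shared_accounts(records, window=SHARED_WINDOW):
    """Accounts with successful logins from two different hosts within `window` of each other."""
    by_user = defaultdict(list)
    for ts, user, host, result in records:
        if result == "success":
            by_user[user].append((ts, host))
    flagged = set()
    for user, logins in by_user.items():
        logins.sort()   # chronological, so adjacent pairs are the closest logins
        for (t1, h1), (t2, h2) in zip(logins, logins[1:]):
            if h1 != h2 and t2 - t1 <= window:
                flagged.add(user)
    return sorted(flagged)

def run_audit(now_iso="2024-05-03T00:00:00"):
    """Run both checks on the constructed log as of `now_iso` (assumed review date)."""
    records = parse_log(SAMPLE_LOG)
    return {"dormant": dormant_accounts(records, datetime.fromisoformat(now_iso)),
            "shared": suspected_shared_accounts(records)}
```

Failed logins are deliberately ignored when computing last activity, so an account that only attracts failed attempts still ages toward termination.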