Do you know what do your phone’s apps do when you’re not using them?
Sure, each time you install an app, your phone tells you what the app can potentially do. But it’s hard to know much about what those apps are actually doing with those permissions. How often do they transmit your location? Are they tracking you even when you’re not using the app? Are they blowing through your data cap by uploading and downloading data behind your back?
A new Android tool called SpyAware aims to shed some light on the situation. It gives you a better idea of what your phone is doing when you’re not looking. No, it doesn’t give you a way of changing an app’s permissions. But unlike XPrivacy and other tools that do, it can run on potentially any Android phone, not just “rooted” phones that give you complete access to a phone’s operating system.
Developed by a Vancouver, Washington based company called Location Sentry, the tool is an effort to increase awareness of what data mobile apps are collecting and how that data is being used. “I think most people would say it’s OK for an app to take some information while they’re using it,” says company co-founder Craig Spiegelberg. “But what they’re discovering is that apps are mining data constantly in the background.”
After you install SpyAware, the app gives your phone an overall score based on how at risk the app thinks your device is overall. It also tells you how much data it has been using while you were idle, and which apps were active.
For $3, you can can upgrade to the full version, which is where things get really interesting. You can then see how dangerous SpyAware thinks each app on your phone could be based on “risky” permissions such as the ability to read your text messages, take pictures or record audio. You can also see how much data each app uses, how often it collects your location information, and where it sends data. Importantly, it lets you know what the apps that came preloaded on your phone—the ones that you never gave any permissions to at all—are doing.
If you find an app that you think is particularly suspicious, the “Take Action” screen includes options for uninstalling an app, reporting it to the FCC, leaving a review in Google’s Play Store, or sharing your findings on social media.
Meanwhile, the company has some work to do on making sure that users can trust SpyAware itself. It requires some pretty generous permissions in order to monitor what other apps are doing, and because it’s not open source, you’ve got to just take the company’s word that it’s not going to do anything malicious itself. Spiegelberg says that although the company doesn’t have plans to open source the app at the moment, users will eventually be able to export their usage data, so that they can analyze it on their own. But he does emphasize that Location Sentry never collects or sells its user info.
A Nudge for Apple and Google
The main issue, however, is that if you have an app that’s useful to you but requires excessive permissions, there’s not much you can do other than uninstall it. “If you want an app you’re presented with binary choice,” Spiegelberg says. “I want the app and I accept that they can take more info and use it however they want, or I don’t want the app.”
That’s something Spiegelberg hopes to change in the future. In fact, Location Sentry’s original product was app designed to stop unwanted tracking. But the app required elevated permissions to run correctly, and enabling those permissions—known as rooting—can be a complex process.
Spiegelberg realized that in order to make an app that would appeal to everyone, not just power users, rooting was out of the question. So he and his team conceived of SpyAware as a way to boost awareness of this lack of control. He hopes that eventually Apple, Google and other mobile technology companies will give users more granular control over what permissions they give their apps.