More than 4,000 Google Play apps silently collect a list of all other installed apps in a data grab that allows developers and advertisers to build detailed profiles of users, a recently published research paper found.
The apps use an Android-provided programming interface that scans a phone for details about all other apps installed on the phone. The app details—which include names, dates they were first installed and most recently updated, and more than three-dozen other categories—are uploaded to remote servers without permission and no notification.
IAM what IAM
Android’s installed application methods, or IAMs, are application programming interfaces that allow apps to silently interact with other programs on a device. They use two methods to retrieve various kinds of information related to installed apps, neither of which is classified by Google as a sensitive API. The lack of such a designation allows the methods to be used in a way that’s invisible to users.