������ý

“Many apps have access to functions in our mobile phones that they do not need in order to work. Why would my exercise app need access to my camera and list of contacts?” says Lothar Fritsh, a Docent in Computer Science at ������ý. “There is no system today which calculates the extent to which the apps intrude on our private lives.”

“Apps are often cheap, but people tend to forget that they pay with their personal information,” says Nurul Momen, a doctoral student in Computer Science at ������ý. “There are apps that register the user’s activities at regular intervals and send the information to various servers. This can lead to digital surveillance, profiling, and phishing, which may in turn result in personal risk.”

The researchers Lothar Fritsch and Nurul Momen at ������ý have collaborated with Majid Hatamian at Goethe University in Frankfurt to analyse four parameters of the ten most popular exercise apps for Android mobile phones. They have then created a model which calculates the identity protection of each app. The selected parameters are the reliability of the app integrity policy, user comments from the Internet, the capacity of the app code to download sensitive information, and the behavior of the app when it seeks information despite not being activated. The researchers have also compared the functions that apps need access to according to their integrity policy to the functions that the apps actually gain access to when they have been downloaded.

“We have found many problems with the apps that we have studied,” says Lothar Fritsch. “Among other things, several apps have access to more functions than they state in their policy. This model makes it possible to calculate how safe an app is, something that may for instance be valuable to consumers trying to decide if they are going to download an app or not.”

Read more about the study .