Privacy Flag

Threat Observatory / Early Warning System

The PrivacyFlag Observatory is focused on providing a holistic overview of the privacy landscape in the modern Internet. The basic idea is to inform users, developers, stakeholders and researchers on the level of adoption of best practices as well as how prevalent insecure, obsolete and deprecated technologies are. Furthermore, interested parties can observe the rate of commitment to privacy related technologies for the most important web sites, since PrivacyFlag is based on active and live crowdsourcing.

PrivacyFlag Observatory is organized in three distinct categories, Confidentiality, Security and Privacy of Data. All of them are related to the Privacy of your Data in a direct or indirect way. Find why:

Apps' Permissions

Each android application is associated with a list of permissions that it requires to have access and all permissions are organized into groups. There is a list of permissions that are considered dangerous. PF analyzes the permissions and permission groups that each installed application has and evaluates them accordingly.

Percentage of evaluated apps that use permissions that belong to Camera group.

If an application has access to the device’s camera, it can take pictures with or without the user’s knowledge. For applications that are related to image editing or social networks and other communication tools it is normal to require such access to provide full functionality to the users. On the other hand, it might be a very serious privacy violation incident if an application grabs pictures without the user’s explicit consent.

Percentage of evaluated apps that use permissions that belong to Contacts group.

Personal Contacts information can be accessed after the appropriate security authorization in a mobile device. Applications that can handle calls, e-mailing or social media are expected to require permission to use such and similar information. Then, again, a malicious application might gain information about all people that you know.

Percentage of evaluated apps that use permissions that belong to Calendar group.

The Calendar is necessary for many applications to help you organize your time schedule and set up reminders. As the Calendar application “knows” your plans, such as meeting other people, attending events and visiting places, it is important that this information remains private, unless otherwise specified.

Percentage of evaluated apps that use permissions that belong to Location group.

By letting an application access your location, it can extract with great accuracy all your mobility patterns, e.g., when you commute to work during the day or go out at night. Therefore, the application can generate detailed information and maps about the places you live, work, travel and visit. An application might need that information to help you enhance your daily mobility efficiency or to suggest nearby restaurants and bars. Otherwise, location information might be considered sensitive information and therefore should be protected.

Percentage of evaluated apps that use permissions that belong to Microphone group.

Accessing the microphone implies that it possible to capture all discussions and sounds near the proximity of the mobile phone. That is entirely normal for applications that provide real time communication capabilities but it is, also, very risky since malware can turn your device into a powerful spying machine.

Percentage of evaluated apps that use permissions that belong to Phone group.

A very limited number of applications that provide real time communication capabilities might need to access your phone’s mobile telephony subsystem and should be granted permission. A malicious application on the other hand might use this functionality for initiating and receiving calls towards spying on you or to call premium toll numbers.

Percentage of evaluated apps that use permissions that belong to Sensors group.

Smart devices are equipped with a variety of sensors to enable the applications to monitor the motion, orientation and various enviromental conditions. If an application has access to the data of these sensors, it is possible to infer users’ behavior patterns and launch severe privacy inference attacks, such as keylogging, inferring user activity, profiling, and tracking.

Percentage of evaluated apps that use permissions that belong to SMS group.

Only a limited number of applications should require access to your SMS functionalities as the exchanged messages usually contain private and, perhaps, sensitive information. Therefore, an application that needs to read or write SMS on your behalf should clarify the purpose for doing this. Otherwise, information contained in the exchanged messages may became available to, perhaps, malicious third parties. In addition to that, malware may send SMS to premium toll numbers and, thus, increase your mobile carrier charges.

Percentage of evaluated apps that use permissions that belong to Storage group.

If an applications accesses the external storage of your mobile device, it can read, write or modify your existing documents, photographs and data. This could, possibly, lead to privacy violation if you tend to store private or sensitive information in an external storage device such as an SD card. Of course, for maintenance applications which need to periodically organize the contents of your system, permission to use the Storage group must be granted.

Number of evaluated apps that have permissions in each dangerous group.

This graph depicts the actual number of the evaluated applications that have permissions in each dangerous permission group.

Number of apps in users' devices and number of evaluated apps by users.

The PF Smartphone App stores in PF database all installed applications on user devices. However, the number of applications that are evaluated by the users is lower since users have to select to evaluate each application.

User Preferences.

The PF Smartphone App stores user preferences regarding the dangerous permission groups. This graph depicts an ordering of them (from most dangerous to the least one) which is estimated using Borda Count.


Privacy Policy