Privacy Policy
The openness of the Android OS makes it possible for any handset manufacturer
to ship a custom version of the system, along with proprietary pre-installed
apps. These apps can be useful to users but can also be unwanted and cause harm
to users' privacy. Some Android vendors have recently come under scrutiny by
the media for collecting personal data from users and engaging in deceptive
practices.
Unfortunately, this software is not available on Android app stores for study.
This app will extract pre-installed software from your phone and send it to our
server for further analysis.
No personal and sensitive data is collected.
If you wish, we will also report to you our findings about the
privacy risks of your phone.
This app is part of an academic research project run by IMDEA Networks (Spain),
University Carlos III of Madrid (Spain), ICSI (Berkeley, USA) and Stony Brook
University (USA).
If you have any questions of if you would like to know more about the project,
you can contact us by email at iag DOT networks AT imdea DOT org
Permissions
This application only uses two permissions:
- Detect your connection (
ACCESS_NETWORK_STATE): this
is needed to detect wether or not you phone is connected to Internet,
and if you are using a Wi-Fi connection or not. The upload only happens
if you are connected over Wi-Fi.
- Access the phone state (
READ_PHONE_STATE): this is
used to get the IMEI of your device. The IMEI is never sent to our
server! We first compute its MD5 hash and use this hash as an
identifier. That way, it is simply impossible to trace back data back
to a user, and your IMEI stays on your phone.
- Internet access: As any networking application, an access to the
Internet is needed.
Data collection
This application will upload the following files from your device to our
servers:
- Pre-installed applications: we will upload all the files located
in the
/system/app and /system/priv-app
folders, which is read-only and does not contain user-installed
applications or any personal data
- Pre-installed libraries: we will upload all the files located in
the
/system/{lib,lib64} and
/system/vendor/{lib,lib64} folders, which does not contain
any personal data
- Pre-installed certificates: we will upload the certificates
located in
/system/etc/security/cacerts.
- Framework file and privacy policy: if possible, we will also
upload the framework file of your device and its privacy policy, if it
exists.
At the beginning of the upload, the application will ask you some questions
about your device. You are free not to answer these questions if you do not
want to. The app will also upload the following information about your device:
- your device manufacturer
- your device model
- your device product name
- your device build fingerprint
- your device Android version
- your timezone
- the MCC and MNC codes as well as the country code fo your SIM card
We need these information to classify the applications we receive. All the data
collected from your phone are stored with a random UUID. It is not possible for
us to link back the data we collected to an individual.
If you have any questions of if you would like to know more about the project,
you can contact us by email at iag DOT networks AT imdea DOT org