Report: Android developers deliberately postponed the upgrade of the SDK to collect user privacy
The Android development team launched Android version 6.0 as early as 2015 and used the new rights management mechanism to allow users to actively manage application-related permissions. However, quite a few Android developers are still using the old version of the SDK suite, and the research found that the developer’s approach is purposeful.
The research team of the University of Maryland recently released a report to expose the minds of developers. Simply put, developers do not actively upgrade to collect information. Some developers use the legacy development kits in their Android apps, which allows the app to continue to be granted permission without the user’s grant. These permissions include, but are not limited to, device location information, device serial number, Bluetooth, wireless network, mobile phone number, or even an address book or SMS record. Most users don’t know how to manage the permissions of the application and the users don’t even know it when they read the information in the background.
The researchers tested 13,599 popular applications from April 2016 to March 2018 and scanned each month to see if they updated the SDK kit. The results show that most Android developers prefer to use the old permission approval method to continue to access the user’s private data. In addition, the statistics also found that some applications upgrade the Android 6.0 SDK suite and actively reduce the application of non-essential permissions that are not related to the application itself.