There is no doubt that smartphones are ideal as espionage devices. OnePlus is lately increased while caught as secret data from forwards you to partners; Google also continuously records data and sells it to third parties. This happens in part with our approval, but in some cases just so. And precisely to expose the latter, we lack simple technical means. The Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt plans to publish one of these soon.
Many mobile apps spy on you, collect data and communicate secretly with third-party servers. Details about you are recorded in additional libraries. Sometimes the app developer or service provider uses the information to improve their offer. Advertisers use it to create a user profile of you. This monitors your usage behavior, so that advertisements are tailored to you. The catch: The additional libraries are often gateways for cyber attacks, as they often have security gaps, as criticized by the Fraunhofer Institute SIT in Darmstadt, among others. And then your data may end up in bad hands.
In addition, smartphone users have little opportunity to protect themselves from mobile tracking or to identify the data flows to tracking services at all. It was only possible to intervene effectively until the smartphone was rooted, but then we lose the warranty and also create new security gaps.
The new tool MetaMiner is supposed to give you control over the tracking apps without rooting your smartphone. The app is designed to collect and analyze metadata. The official announcement explains:
The solution combines an analysis of the app or system network traffic with details about additional libraries in apps. From this, MetaMiner concludes whether an app uses tracking or communicates with other invasive actors (e.g. malware domain). This is comparable to an envelope that you look at without looking at the contents of the letter. With this type of analysis, MetaMiner itself does not compromise user privacy – communication content is not recorded and all information remains on the mobile device.
MetaMiner can:
- Detection of trackers in mobile apps
- Visualization of interactions with tracker services
- Protection of user privacy
- Block data flows to tracker services
- No need to compromise the security of the smartphone through rooting
- Acquisition and analysis of network data traffic directly on the smartphone
When and for which devices does the MetaMiner come?
Upon request, Michael Kreutzer explains that the Android version is currently in the prototype status. He assures us: “The app will be available in a few months.” Kreutzer did not want to comment on the exact functioning of how the app obtains the data before publication. The aim for the user should be to gain transparency about data flows to third-party servers, to filter data flows and to uninstall the intrusive apps.
The latter idea becomes exciting when it comes to system apps or services that are pre-installed on smartphones. How do you want to switch them off if they cannot be touched with the normal permissions?
How do you feel about collecting and sharing your metadata? Are you concerned with the problem or do you think it is more of an academic concern?