ICSI software analysts discovered more than a thousand Android applications that could bypass system licenses to gain access to data that should have been banned. Google still has no solution, it has to wait for the next generation.
The applications used different techniques, one of which accessed a repository that looked for unsecured items and downloaded additional information. They could have been files of other applications, which already had other permissions and stored the information thus obtained in the files. For example, if you rejected the app's location permit, it could bypass EXIF information stored in photos and gradually build location history. Similarly, Wi-Fi access can be used.
Improvement comes with Android Q
This is not a direct violation of permits. The programmers managed to find ways to get the necessary information without direct access to the system. Some of these applications had several million downloads and belong to companies like Baidu and Disney.
The issue was reported to Google last year, saying that repairs will occur in the upcoming Android Q, one of the last phase of the ongoing testing. However, the system is far from being able to reach all users, especially in terms of the speed at which some manufacturers are distributed with great updates. The advantage will be mostly users of the Pixel phone or Android One phone.