A new research survey of hundreds of Android apps has revealed that over three-quarters of them use at least one third-party tracking tool, as Yale found.
A new research survey of hundreds of Android apps has revealed that over three-quarters of them use at least one third-party tracking tool.
In the study, researchers from the French research firm Exodus Privacy, in collaboration with Yale University’s Privacy Lab, conducted an extensive analysis of the mobile applications for the signatures of 25 commonly-used trackers that use a number of techniques to collect users’ personal information so as to be able to target them for ads and other services.
Some of the mobile apps are found to be employing some sort of tracking plugin tool including popular Google Play Store apps like Spotify, Tinder, OKCupid, and Uber. These four apps use a Google-owned service known as Crashlytics whose basic function is to track app crash reports. However, Crashlytics also has the ability to get more insight into user behaviors, for instance, by collecting data on what they are doing and accordingly send them live social content aimed at delighting them.
Other trackers, though less commonly used, go much further than that. FidZup, cited by Yale, is one such tracker. This French tracking service provider is equipped with technology to detect the presence of smartphones using ultrasonic tones. However, FidZup says that it no longer applies this technology since tracking its users via simple Wi-Fi networks has proved to work just as well.
FidZup’s practices are very similar to Teemo’s. Formerly referred to as Databerries, Teemo is the tracking technology firm that was earlier in 2017 embroiled in a major scandal in France after it was found to be collecting the geolocation data of up to 10 million citizens of the European country. SafeGraph also used similar technology to collect 17tn geolocation markers for up to 10 million smartphones during Thanksgiving in 2016, causing an uproar. Both Teemo and SafeGraph can now be easily identified by Exodus scans after they were profiled by Yale’s Privacy Lab after the scandals. The Privacy Lab is using the findings from this research survey to call on Google and app developers take measures to enhance transparency regarding privacy and security practices.
According to the research group, it is important that users of Android and other app platforms are guaranteed privacy via a trusted chain of software design, development, deployment, distribution, and installation. No unknown or masked code from third parties should be in apps.
Although iOS apps were not analyzed in this particular study, Yale and Exodus are warning consumers that things may be no better on the App Store because many of the same distributors of Google Play apps also do so for Apple products and tracking software firms openly run ads for multi-platform SDKs. Therefore, advertising trackers could be also packaged for both iOS and Android as well as other less popular mobile platforms. That is why these findings should alarm privacy advocates and security scholars to take more steps in addressing the underlying transparency issues.