Data collection and exchange through mobile applications are out of control, experts warn
A research conducted by cybersecurity and digital forensics specialists estimates that almost 90% of the free apps in the Google Play Store share data with Google’s parent company, Alphabet. The company mentions that its policies are always clear about how the developers are enabled to handle the data, and that the investigations carried out by external organizations have made some mistakes, like confusing some ordinary functions in apps with user data access permissions.
“If an application violates our access to personal data policy, we take action immediately”, Google said in a statement.
Many free applications track the behavior of their users through many different digital services, allowing developers to create detailed profiles of people using the application. According to digital forensics specialists from the International Institute of Cyber Security, these data may include age, sex, location and information about other applications on a smartphone.
Data can be used for a number of purposes, including targeted advertising, credit scoring, or specially-designed political campaign messages, researchers mentioned.
Revenues from online advertising are estimated to exceed $59 billion USD per year in the United States alone.
“Many people are unaware of how the data they share in applications comes at the hands of advertising entrepreneurs, data brokers and other organizations”, says Nigel Shadbolt, who is in charge of the research. “Business people are desperate to reach as many views and clicks as possible that there is not the slightest notion of control”.
The data tended to focus on large companies and their subsidiaries. Digital forensics experts found that more than 88% of free applications in Google Play shared information with Alphabet-owned companies. In addition, nearly 43% of applications share data with Facebook, while significant percentages share data with Twitter, Verizon, Microsoft, and Amazon.
Researchers also found news applications, and applications targeted at children, who share information with large corporations.
On the other hand, Google mentions: “Google and Google Play have clear policies and guidelines on how third-party developers and applications can handle user data; we require developers to be clear and request the explicit consent of the user to share their data. If an application violates our policies, we act immediately”.
The company added that it did not agree with the methodology used during this investigation.
“This research misunderstands some ordinary functional services in applications, such as error reporting and analysis, and how applications share data to deliver those services”, Google said.
However, activist Frederike Kaltheuner, from Privacy International, said it has become “impossible” for the average user to understand how their data is used, limiting their ability to decide what information they want to share to use the services of a mobile application.
“Companies monitor people, use the collected data to make a profile and then reach people in a way that most of us would find intrusive and very surprising”, he said. “This is no longer about the need to collect data to show ‘relevant ads’ for the user, it is about maximizing the benefit of companies at the expense of violating people’s fundamental rights”, added Kaltheuner.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.