Wait… 70% of Mobile Apps Are Sharing My Data?

It always makes me wonder.

I often ponder the question are ‘normal’ people aware of data protection issues? And I don’t mean in a top level way. Like they might understand the basic tenants of the recent GDPR. Or even in a specific way that they might understand what they can and can’t do under PECR. 

I mean the real world issues we face like the sharing of our data with third parties. The farming of our data for use by advertising companies. And out right illegal activities where ‘hackers’ might live in our home networks looking out for their nefarious opportunities.

I was reminded of these data protection issues seeing an article recently on a survey from last year by Narseo Vallina-Rodriguez  and Srikanth Sundaresan 

The article makes the point that most people are aware of the top level safety protocols. Like protecting your PIN number and the like. But there is a danger lurking that most are unaware of. And it’s to do with the entirely legal and appropriate downloading of apps to our phones.

I always check the privacy policy

When downloading an app I agree to the various terms and conditions. But does anyone actually read through these in any detail? It appears not if the report produced by the above authors is anything to go by.

According to them:

“But once an app has permission to collect that information, it can share your data with anyone the app’s developer wants to – letting third-party companies track where you are, how fast you’re moving and what you’re doing.”

And there is the rub. Off we merrily pop with our phones in our purses and pockets, and all the while it’s transmitting data about where we are and what we are up to. And potentially even more disturbing stuff than that. And we aren’t aware of any of this happening.

In fact, according to their research 7 out of 10 apps are ‘tracking’ us through third party software installed on the phones. Its caused by app developers taking economical shortcuts and installing sections of code into their app that are from elsewhere, and perfectly serviceable in the context of what they are trying to do. However, that code often comes with those invisible trackers already embedded into it.

Out of 1600 people involved in the survey, some 5000 apps were ‘tested’. More than 70% had links to at least one tracker, and 15% links to 5 or more! And 1 in 4 of the trackers being employed harvested device specific information like the IMEI and the devices phone number.

These unique identifiers are crucial to the companies using the trackers

Unique identifiers are used to piece together complex pictures of us and our behaviours. This picture is revealed  as we move from one app to another. And once again, the vast majority of us using these devices and therefore the technology employed are completely unaware of these practices.

Perhaps most disturbingly of all the authors of the report found that children were being targeted by app trackers. Out of 111 apps designed for children, 11 were leaking unique identifiers like the MAC addresses of the router being used, which can potentially find the physical location of the device.

The authors point out that their research might even be underestimating the size of the issue. The tie up the article by making the point that:

“Our findings may be merely scratching the surface of what is likely to be a much larger problem that spans across regulatory jurisdictions, devices and platforms.”

And I agree with their conclusion that transparency, education and a strong regulatory framework are what’s required to combat these practices and practices like it.