Android Apps Collect Personal Data – But just how much may surprise you

Uploaded on 2015-01-20 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A new study looking at how mobile Android apps track smartphone users has revealed some interesting facts about Android applications, InfoWorld reports, finding that many apps collect plenty of personal data in an attempt to track users online and serve them targeted ads in the process.

Two French organizations, including the French National Institute for Informatics Research (INRIA) and the National Commission on Computing and Liberty (CNIL), installed a monitoring app on Android phones belonging to 10 different people, encouraging them to use the handsets as they normally do.

For a three-month period, the volunteers collectively used 121 apps, with Mobilitics recording every time one of these apps accessed personal data, including location, identifier, photos, messages and other info. The app also tracked whether the data was transmitted to a server or not.

Almost two-thirds of apps accessed at least one identifier, 25% of them accessed at least two identifiers and a sixth of apps three or more, the study found. However, it’s not clear what kind of devices were used, or what Android OS version they were running.

Location accounted for 30% of all personal data accessed, with the study revealing some interesting numbers. For example, the Facebook app recorded one person’s location 150,000 times during the three-month period, or more than once per minute. The Google Play Store tracked a user’s phone 10 times per minute at certain times. One game recorded a user’s location 3,000 times while it was in use.

But the most amazing stat belongs to an unspecified default Android app made by Google, which checked a user’s location 1 million times in one month.

As the study reveals, it’s pretty easy for app developers to track users by simply looking at a phone’s Wi-Fi and/or Internet state, with the resulting data being enough for target advertising. Additionally, the data can be aggregated in order to profile users and their social networks even better.

BGR:  

 

« Coming Soon. How Surveillance and Privacy will Overlap in 2025
Snowden Says US Creates A Black Market for Digital Weapons »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

mile2

mile2

Mile2 develop and deliver proprietary vendor neutral professional certifications for the cyber security industry.

SSH Communications Security

SSH Communications Security

SSH Communications Security is a leading provider of enterprise cybersecurity solutions for controlling trusted access to information systems and data.

European Internet Forum (EIF)

European Internet Forum (EIF)

EIF’s mission is to help provide European political leadership for the political, economic and social challenges of the worldwide digital transformation.

DataVantage

DataVantage

DataVantage data masking and data management software helps you prevent data breaches, pass compliance audits and meet regulatory requirements such as HIPAA and PCI DSS.

North European Cybersecurity Cluster (NECC)

North European Cybersecurity Cluster (NECC)

NECC promotes information security and cybersecurity-related cooperation and collaboration in the Northern European region in order to enhance integration into the European Digital Single Market.

6point6

6point6

6point6 is a technology consultancy with strong expertise in digital transformation, emerging technology and cyber security.

Cyan Securiy Group

Cyan Securiy Group

Cyan provide best-in-class cyber security solutions for mobile Internet and mobile devices that are extremely effective and highly intuitive in their use.

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.

ProLion

ProLion

ProLion provides Data Integrity solutions that ensure organisations’ data remains secure, compliant, manageable and accessible.

AML Global Solutions (AMLGS)

AML Global Solutions (AMLGS)

AMLGS delivers Financial Crime prevention training programmes and consultancy services encompassing Anti-Money Laundering (AML), Counter Terrorism Financing (CTF), Bribery & Corruption and Fraud.

Cornami

Cornami

Cornami delivers real-time computing on encrypted data sets, which is vital for data privacy and cloud security.

ECS Ethiopia

ECS Ethiopia

ECS Ethiopia provides Ethiopia’s leading institutions with top cyber-security expertise and technology to enable them to overcome risks and market barriers enabling them to grow their business.

Quantum eMotion (QeM)

Quantum eMotion (QeM)

Quantum eMotion is a Montreal-based advanced developer leading the way towards a new generation of quantum-safe encryption for the quantum computing age.

Ingenics Digital

Ingenics Digital

Ingenics Digital is a recognized initiator and leading service provider in the areas of software development and embedded systems.

CardinalOps

CardinalOps

The CardinalOps platform continuously assesses your detection posture and eliminates coverage gaps in your existing detection stack so you can easily implement a threat-informed defense.

Fernao Group

Fernao Group

Fernao offer you all solutions from a single source - from cyber security, business resilience and digital infrastructure to cloud technologies and pentesting.