Android Apps Collect Personal Data – But just how much may surprise you

Uploaded on 2015-01-20 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A new study looking at how mobile Android apps track smartphone users has revealed some interesting facts about Android applications, InfoWorld reports, finding that many apps collect plenty of personal data in an attempt to track users online and serve them targeted ads in the process.

Two French organizations, including the French National Institute for Informatics Research (INRIA) and the National Commission on Computing and Liberty (CNIL), installed a monitoring app on Android phones belonging to 10 different people, encouraging them to use the handsets as they normally do.

For a three-month period, the volunteers collectively used 121 apps, with Mobilitics recording every time one of these apps accessed personal data, including location, identifier, photos, messages and other info. The app also tracked whether the data was transmitted to a server or not.

Almost two-thirds of apps accessed at least one identifier, 25% of them accessed at least two identifiers and a sixth of apps three or more, the study found. However, it’s not clear what kind of devices were used, or what Android OS version they were running.

Location accounted for 30% of all personal data accessed, with the study revealing some interesting numbers. For example, the Facebook app recorded one person’s location 150,000 times during the three-month period, or more than once per minute. The Google Play Store tracked a user’s phone 10 times per minute at certain times. One game recorded a user’s location 3,000 times while it was in use.

But the most amazing stat belongs to an unspecified default Android app made by Google, which checked a user’s location 1 million times in one month.

As the study reveals, it’s pretty easy for app developers to track users by simply looking at a phone’s Wi-Fi and/or Internet state, with the resulting data being enough for target advertising. Additionally, the data can be aggregated in order to profile users and their social networks even better.

BGR:  

 

« Coming Soon. How Surveillance and Privacy will Overlap in 2025
Snowden Says US Creates A Black Market for Digital Weapons »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Guardtime

Guardtime

Guardtime's Black Lantern platform provides real-time cybersecurity and data-centric asset protection.

Bugcrowd

Bugcrowd

As leaders in crowdsourced security testing, Bugcrowd connects companies and their applications to a crowd of tens of thousands of security researchers to identify critical software vulnerabilities.

Securitybulls

Securitybulls

Securitybulls is an information security firm offering an encyclopedic penetration testing & IT security assessment service for your organization.

Radically Open Security

Radically Open Security

Radically Open Security is the world's first not-for-profit computer security consultancy company.

La Fosse Associates

La Fosse Associates

The InfoSec Recruitment team at La Fosse Associates specialises in placing Information Security & Risk professionals on a permanent and contract basis.

International Data Sanitization Consortium (IDSC)

International Data Sanitization Consortium (IDSC)

IDSC is a group composed of individuals and companies dedicated to standardizing terminology and practices across the data sanitization industry.

Dale Peterson

Dale Peterson

Dale Peterson, a leading ICS security and control system IT information expert, provides consulting services to assess and improve the security of SCADA and DCS.

Nucleon Security

Nucleon Security

Nucleon Endpoint Detection and Response EDR is the most effective way to protect the value created by your organization against any threat.

Conversant Group

Conversant Group

Conversant Group is an IT infrastructure and security consulting company, providing technical, organizational, procedural, and process consulting internationally.

Institute for Pervasive Cybersecurity - Boise State University

Institute for Pervasive Cybersecurity - Boise State University

Boise State University’s Institute for Pervasive Cybersecurity is a leader of innovative cybersecurity research and advancement in Idaho and the region.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

Bastazo

Bastazo

Bastazo provides tools for vulnerability and patch management. Focus your cybersecurity operations on vulnerabilities with the highest risk of exploitation.

Centric Consulting

Centric Consulting

Centric Consulting is an international management consulting firm with unmatched expertise in business transformation, AI strategy, cyber risk management, technology implementation and adoption. 

C/side (cside)

C/side (cside)

At c/side, we're creating the ultimate delivery, performance and detection mechanism for browser-side fetched 3rd party Javascript.

Btech

Btech

Btech is the market leader in providing affordable managed IT security services for credit unions.

Yondu

Yondu

Yondu empowers businesses across various industries through a wide array of innovative technology solutions to help them scale in the new digital economy.