NEWS1 October 2010

Researchers uncover leaky apps spilling private data

Data analytics North America

US— Smartphone apps have been found leaking potentially sensitive device and location data in a study carried out by researchers from Intel Labs and Duke and Pennsylvania State universities.

The researchers studied 30 popular apps for Google’s Android platform and found half were disclosing location data to third-party advertising servers “without requiring implicit or explicit user consent”.

Approximately a third of the apps also disclosed the phone’s device ID – sometimes along with the phone number and SIM card serial number.

Such data can be useful to app developers and marketers in analysing user behaviour and for targeting ads, but from a consumer perspective researchers warned of limited privacy controls and a lack of visibility into how such private data is used.

“Mobile phone operating systems currently provide only coarse-grained controls for regulating whether an application can access private information, but provide little insight into how private information is actually used,” say the researchers. “For example, if a user allows an application to access her location information, she has no way of knowing if the application will send her location to a location-based service, to advertisers, to the application developer, or to any other entity.”

Further details of the study are covered in a 15-page paper (available online here).

Apple, Google’s main smartphone rival, recently updated its rules addressing the use by app developers and advertisers of iPhone and iPad user and device data.