© 2024
Local NPR for the Cape, Coast & Islands 90.1 91.1 94.3
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

Majority of Smartphone Apps Share Personal Data

Most Android smartphone apps are sharing personal data with third party services, without permission from users.
https://goo.gl/x2itWP
/
CC0 Public Domain

The last time you downloaded a new app for your phone, you probably gave it permission to access some of your personal data, like photos, contacts, or your location. After all, what good is a mapping app that doesn't know where you are? But what you likely didn't know is that an estimated seven out of ten Android apps are sharing personal data with third party services, like Google Analytics.

That's according to a recent study by the Haystack Project, a collaboration led by researchers at U.C. Berkeley's International Computer Science Institute and IMDEA Networks Institute, in Madrid, Spain. Researchers developed an Android app, called Lumen, that tracks the type of data being sent out by each app. Over the past two years, the project has tracked about 5,000 apps on 1,600 users' phones. 

"Phones have the ability to collect a lot of very private information about users," said Srikanth Sundaresan, a Research Fellow in Computer Science at Princeton University. "We really need to understand where this data is going, and how these services are using it."

Sundaresan says it’s not your name or social security number that's being shared, but your phone number or the device's unique identification number could be associated with data like location, or contacts. And many apps are sharing data with multiple third parties.

In addition, many different apps transmit the data using the same chunks of code, pulled from code libraries. While users grant individual apps access to different types of data, the libraries get access to all the data harvested with their code. In other words, if your mapping app and texting app use code from the same library, that library gets access to both apps' data. That could give someone on the receiving end enough information to reconstruct a person's identification and, even, what he/she is doing.

"You really don't need really strong ID's to link to a person," said Sundaresan. "You only need several week identifiers that, by themselves, don't seem like that much of an issue."

Sundaresan says what's driving most of the data sharing is advertising money, which developers need, because most of the apps people download are free. Apps that are paid for by users also share information, albeit at a lower rate. So, just paying for apps isn't a silver bullet to solve the data sharing problem.

"We need to find a balance somewhere," Sundaresan said. "It could be that people - users - start paying for apps a little bit more. It could be that we need stronger privacy laws, or we need more educated users - people  understanding what we're doing."

In other words, there's no simple answer.

Guests:

  • Narseo Vallina-Rodriguez - Research Assistant Professor with IMDEA Networks Institute, Madrid, Spain; Research Scientist at International Computer Science Institute based at University of California, Berkeley.
     
  • Srikanth Sundaresan - Research Fellow in Computer Science at Princeton University.
     
Stay Connected