A recent study has revealed some pretty startling results about mobile data security – showing that as many as 7 out of 10 applications in the Play Store are sharing user data with third-party tracking companies. Perhaps ironically, conducting the study required the creation of a free application – called Lumen Privacy Monitor – designed to collect and analyze a specific type of data. Lumen analyzed other applications a user had installed, using Android API to ask users if it could collect data about what information those apps were collecting and where it was being sent. It also offered that information for the user to see for themselves. Lumen itself didn’t collect any personal information. Instead, it collected descriptions of what was being collected. When Google Maps would send data out, for example, it would record that the app collected a GPS location reading and sent that to maps.google.com. The user would see the same information.
Over the course of the study, more than 5,000 apps were able to be analyzed thanks to Lumen being installed by more than 1,600 people since 2015. Although the 70 percent measured does represent a significant portion of the applications available to Android users, it is important to remember that many applications actually require the information they are collecting to function properly. Google Maps, for example, is going to be almost completely useless without access to location permissions. It’s also important to remember that users are able to look at what permissions an app will have access to before downloading and that the app will often request permission at least once when launched for the first time. Android, in particular, has made great strides over the last few iterations in those regards. Another prominent problem presented in the results of the study, however, is what happens when applications track and analyze users through their use of websites. That allows developers and third parties to track those users cross-platform, on both their mobile device and then on other devices using the data collected. Of the apps tagged for tracking, more than half take part in tracking users in their web activity. Finally, the study also concluded that 15 percent of applications were connected to five or more trackers and a quarter of the applications collected device identifier information that allows users to be personally linked to usage on a given device.
The majority of the risk comes from the developer’s ability to do whatever he or she wants with the information collected. Cyber crime is a persistent problem thanks to the wide breadth of data being collected, stored, and transferred across the web. Moreover, even technically legitimate data collection has been shown by the study to be allowed to bypass a user’s local data privacy laws or regulations thanks to the international nature of the web and its data storage. It’s equally important not to become overly paranoid since that data analysis and collection can actually bring benefits to users, in addition to being useful in many applications. For now, there is really no silver bullet solution to solve the challenges. Google has also made a point of providing guidance and restrictions for how developers should or can use permissions with the Android APIs. Many apps will either collect less data, send the data to fewer third-parties, or halt altogether if users purchase paid versions. Furthermore, many app developers and device creators have made the decision to begin facing the problem head on for themselves. Users can also opt to lose some functionality or the ability to use some applications altogether, through the use of ad-blockers or other software, in a trade-off to protect their data. That said – and as the study concludes – education, transparency measures, and more universal or cross-country regulatory frameworks are likely going to be needed to really start whittling away at the problem.