Decoding how smartphone apps track users and transfer data

In a study conducted at Oxford University, aimed to look into the mechanism of data sharing from smartphones, it was found that a whopping 90 % of apps are configured to transfer information back to Google.

1m android apps have been examined as part of a study conducted by researchers, it gave insights into the sharing of data from smartphones.

With 1m of apps being analyzed, the analytics had it that the median app could transfer data to a total of 10 third parties, with one in five applications to transfer data to 20 plus third parties.

Referencing from the revelations of the project led by him, Reuben Binns concluded that data sharing spiraled out of control with a majority of apps switching to the “freemium” model – advertising takes care of the revenues instead of the sales.

Reuben added, users, regulators and sometimes even the app developers and advertisers are unaware of the extent to which data flow from smartphones to digital advertising groups, data brokers and intermediaries that buy, sell and blend information.

“It feels like this legitimate business model has gone completely out of control and created a kind of chaotic industry that is not understood by the people who are most affected by it”, he further added.

Data transferred to third-party apps contains personal information like gender, location, age, information on nearby Wi-Fi routers and every other application installed in the user’s device.

Since the inception of Google app store for the Android populace, the app economy has skyrocketed approximating 10m app releases in the corresponding decade. Internet sources claim the availability of 2.8m apps at the store as of August.

The analysis revealed that as of January 2017, there were 88% of apps that could potentially send data to third parties which are ultimately owned by Alphabet and nearly half of it, i.e., 43% could send to parties ultimately owned by Facebook. This nexus of subsidiaries explains the concentration of key data at the global tech giants.

Nigel Shadbolt, the co-founder of the Open Data Institute and head of the group that carried out the research, says “This is important if we are to empower individuals and also understand the monopoly and concentration issues surrounding tracking companies,”

Countering on the research implications, Google said they mischaracterized “ordinary functions” such as an app reporting back when it had crashed and its analytics. Google further elaborated, “Across Google and in Google Play we have clear policies and guidelines for how developers and third-party apps can handle data and we require developers to be transparent and ask for user permission. If an app violates our policies, we take action,”

To this Mr. Binns formulated his argument around the data transfer rights built into the apps and the “excessive permissions” required to transfer data.

Clearing their stand on data sharing with seven third parties, A FT spokesperson said, “We send data to these providers to enable services such as push notifications, crash tracking, Google sign-on, and personalized advertising.

“We are extremely careful with how we collect and handle customer data, and set out in detail how we use it in our privacy policy. Readers can easily manage their cookie settings for and our apps”, he added.

Most users fail to realize the degree to which their information and certain demographics are being circulated to third parties, said campaigners and lawyer.

Illuminating the severity of how less we can do about it, Gabriel Voisin, a partner at Bird & Bird, the law firm, says  “There is a lot of sharing of data that we cannot as users immediately identify or realize.” “There are no easily accessible settings or widget to switch this off.”

The EU’s General Data Protection Regulation prohibits the practice of linking data to a user, the practice is identified as “De-anonymization”

“In practice we know it’s very easy to link data back together,” said Frederike Kaltheuner, head of the data exploitation practice at campaign group Privacy International. She told that an industry of data brokers like Acxiom operate in a legal grey area, offering services to link data together and matching offline data.

Alexander Hazell, data protection officer at Acxiom said, “Acxiom takes data protection very seriously and goes further than legal compliance by applying an ethical framework to how it processes data for others,”

While Amazon, Facebook, and Twitter have refused to comment, here’s what other networks had to say,

LinkedIn said (owned by Microsoft):

It “places limits on any use or combination of data with third parties or Microsoft”. 

Microsoft said:

The company “has a different business model than other tech companies that rely principally on advertising revenue”, told by the general manager at Microsoft, Adrienne Hall.

Leave a Reply