[ad_1]
A group of security researchers says that dozens of popular iPhone applications discreetly share the location data of "tens of millions of mobile devices" with third-party data monetization companies.
Almost all require access to a user's location data to function properly, such as weather and fitness apps, but often share this data to generate revenue for free apps to download.
In many cases, applications send specific locations and other sensitive and identifiable data "at any time, permanently" and often "little or no mention" that location data will be shared with third parties, claim the GuardianApp project researchers.
"I believe people should be able to use any application on their phone without fear that access to sensitive data could mean that this data will be sent discreetly to an entity they do not know about. and that they have no desire to do. business with, "said Will Strafach, one of the researchers.
Using network traffic monitoring tools, researchers found 24 popular iPhone applications that collected location data – such as Bluetooth tags on Wi-Fi network names – to find out where a person is and where they are going . These data monetization companies also collect other device data from the accelerometer, the battery charge status, and the cell network names.
In exchange for data, these companies often pay application developers to collect data and develop their databases and often to serve ads based on the location history of users.
But while many say they do not collect personal information, Strafach said latitude and longitude coordinates can tie someone to a home or work.
To name a few:
ASKfm, an anonymous app of questions / answers aimed at teens, has 1,400 notes on the Apple App Store and boasts tens of millions of users. It requests access to the user's location that will not be "shared with anyone". But the application sends this location data to two data companies, AreaMetrics and Huq. When it was reached, the manufacturer of the application stated that he believed that his site collection practices "correspond to the standards of the industry and are therefore acceptable to our users" .
NOAA weather radar has more than 266,000 reviews and has millions of downloads. Access to your location "is used to provide weather information". But an earlier version of the app from March sent location data to three companies, Factual, Sense360 and Teemo. The code has since been deleted. A spokesperson for Apalon, who created the app, said he had "performed a limited and brief test with some of these vendors" early in the year.
Homes.com is a popular app that asks you to activate your location to help you "find nearby homes". But the code, considered an old code, always sends precise coordinates to AreaMetrics. The maker of the app said he used AreaMetrics "for a short time" last year, but said the code had been disabled.
Perfect365, an augmented reality beauty app with over 100 million users, asks to locate your experience based on your location, and returns users to the privacy policy, which indicates that location data will be used for advertising. . The application was briefly pulled after a BuzzFeed News article was published earlier this year by the researchers, but returned to the app store a few days later. The current version of the application contains code for eight separate data monetization companies in the latest version of the application. The creator of the application did not return a comment request.
And the list goes on – including more than a hundred Sinclair-owned local news and weather apps that share location data with Reveal, a data tracking and monetization company that will help the media giant increase its sales with target audiences. "
It can quickly become a lucrative business for developers with popular applications and monetization companies, some of which collect billions of sites each day.
Most data monetization companies deny any wrongdoing and claim that users can opt out at any time. Most of them said that they require that application developers explicitly state that they require application developers to explicitly declare that they are not in charge of the application. they collect and send data to third-party companies.
The team's research shows that these requirements are almost never verified.
Reveal stated that customers should "indicate the use cases of location data in their privacy policy" and that users could unsubscribe at any time. Huq, like Reveal, reported performing "regular checks on our partner applications to make sure they had implemented" measures that explain the company's services. AreaMetrics, which primarily collects data from Bluetooth beacons from public places such as cafes and retail stores, states that it does not have any interest in receiving personal data from users.
Sens360 The data it collects is anonymous and requires the express consent of its users, but Strafach said that few of the applications he saw contained text that sought assurances. But the company did not answer a specific question about why it no longer works with certain applications. Wireless Registry said that apps also require users' consent, but they would not comment on the security measures they use to ensure user privacy. And in his remarks, InMarket stated that it follows advertising standards and guidelines.
Cuebiq claims to use an "advanced cryptography method" to store and transmit data, but Strafach said he found "no evidence" that data was scrambled. He says it's not a "tracker", but some app developers are looking to monetize user data, but most use it to get information. And, factual said use location data for advertising and analysis, but must obtain the consent of users for the application.
Once reached, Teemo did not answer our questions. SafeGraph, Mobiquity and Fysical did not respond to requests for comment.
"None of these companies seem to be legally responsible for their claims and their practices, but rather for some kind of self-regulation that they claim to apply," Strafach said.
He said there were not many users, but limiting ad tracking in your iPhone's privacy settings may make it more difficult for users to identify users by location trackers.
Apple's crackdown on applications that are not subject to privacy policies is launched next month. But given the few users who read them, do not expect apps to change behavior in the near future.
Source link