Apps in both Google Play and the Apple App Store frequently send users’ highly personal information to third parties, often with little or no notice, according to recently published research that studied 110 apps.
The researchers analyzed 55 of the most popular apps from each market and found that a significant percentage of them regularly provided Google, Apple, and other third parties with user e-mail addresses, names, and physical locations. On average, Android apps sent potentially sensitive data to 3.1 third-party domains while the average iOS app sent it to 2.6 third-party domains. In some cases, health apps sent searches including words such as “herpes” and “interferon” to no fewer than five domains with no notification that it was happening.
“The results of this study point out that the current permissions systems on iOS and Android are limited in how comprehensively they inform users about the degree of data sharing that occurs,” the authors of the study, titled Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps, wrote. “Apps on Android and iOS today do not need to have permission request notifications for user inputs like PII and behavioral data.”
The personal information most commonly transmitted by Android apps was a user’s e-mail address, with 73 percent of the apps studied sending that data. In total, 49 percent of Android apps sent users’ names, 33 percent transmitted users’ current GPS coordinates, 25 percent sent addresses, and 24 percent sent a phone’s IMEI or other details. An app from Drugs.com, meanwhile, sent the medical search terms “herpes” and “interferon” to five domains, including doubleclick.net, googlesyndication.com, intellitxt.com, quantserve.com, and scorecardresearch.com, although those domains didn’t receive other personal information.
Also concerning were Android apps that sent third parties potentially sensitive combinations of data. Facebook, for example, received users’ names and locations from seven of the apps analyzed in the study—American Well, Groupon, Pinterest, RunKeeper, Tango, Text Free, and Timehop. The domain Appboy.com received the data from an app called Glide.
And you pay for this wholesale rape your privacy!