Advertising and Android apps: A detailed study of data privacy

The concept of privacy in the age of the web and social media remains high on the agenda for many people—those on the business and marketing side who would like to advertise with greater precision and those on the consumer side who would not wish for their personal information and profile to be compromised. A new survey of data privacy in the context of applications, apps, available on the Android operating system and the mobile devices it runs, such as smartphones and tablets, has now been published in the International Journal of Information Privacy, Security and Integrity.

Dirk Pawlaszczyk of the Hochschule Mittweida—University of Applied Sciences in Mittweida, and Jannik Weber, Ralf Zimmermann and Christian Hummert of the Central Office for Information Technology in the Security Sector (ZITiS), in Munich, Germany, explain how users leave the online equivalent of a paper trail as they use different apps and websites, they share information deliberately but also unwittingly as they hop from one app or site to another.

A naïve user perhaps imagines that the information they share is kept private among their friends and associates and obviously the app they are using at any given time. However, the apps and websites they visit are themselves often interconnected and networked together, harvesting data and information about their users and commonly sharing that information with their associated companies, usually for some kind of fee.

The companies would have it that this data harvesting allows them to offer consumers more pertinent advertising. But, of course, users may be oblivious to this targeting and succumb to the advertising when under normal circumstances they would never see a poignant advertisement and would simply see the same as all other users.

aThe team has now analyzed the advertising networks associated with the top 100 free apps in the Google Play Store, the official source of software for use under the Android operating system. They have analyzed the behavior of the apps as well as the networking each does and to what other systems it connects. They found that the top apps all have direct connections to multiple advertising networks, up to fourteen in one instance.

There are many rules and regulations regarding advertising and in some parts of the world transparency for the user is paramount. Consent is needed in advance before such advertising network activity can be carried out under French law, for instance. Moreover, the European Union put in place General Data Protection Regulation (GDPR) laws which apply to everyone dealing with EU citizens' data. However, users like their apps and often accept "terms and conditions" without reading them thoroughly or worrying about the implications of giving consent to apps and the third parties with which those apps are associated.

The compromising of privacy by apps is a global problem. Rules and regulations are in place but the companies and their connections are not entirely transparent. Indeed, some are wholly opaque. The implications for the protection of individual users in the face of such opacity are enormous and there is a pressing need for revision in the way apps are allowed to function and what information they are allowed to access and assimilate from their users. The team points out that apps and their associates can gather all kinds of normally private information about a given device and its use and so discern a "fingerprint" for that device. Given that users commonly must login to various apps to make full use of them and also store personal details such as home and work address, contacts etc etc, it is no huge leap from that fingerprint being associated with an individual and thus the inescapable compromise of their privacy.