A new study conducted by researchers at the Carnegie Mellon University revealed that a number of Android mobile apps collects geolocation data related to the users. According to the Wall Street Journal, the researchers discovered that the mobile apps track users every three minutes.
During the two weeks of the study, the researchers discovered that the mobile apps requested geolocation data an average of 6,200 times.
The experiment involved 23 Android users from the Carnegie Mellon student and Craigslist, the researchers requested them to use an arbitrary number of applications over the two weeks without providing them information regarding the apps that were being assessed. The researcher tracked the data requests made by the mobile apps by using a software they have specially designed.
The applications that collected the greatest number of data are Google Play Services (2,200), The Weather Channel’s app (2,000 requests) and Groupon (1,062 times).
It is normal that specific categories of mobile apps collect location data, but the frequency of the requests surprised the researchers.
“Does Groupon really need to know where you are every 20 minutes?” wrote Norman M. Sadeh, one of the author of the study asked Consumerist. “The person would have to be accessing Groupon in their sleep,”
Another disconcerting aspect of the research is that Android users totally ignore mobile apps collect their data:
“There are some applications where you could justify this level of frequency—think for instance of a navigation app.” “So the frequency by itself is not the problem. Instead it is whether the frequency is justified, and obviously whether users are informed of these practices and have some level of control.”
Most worrying are Google Play Services, because they are pre-installed on Android mobile devices and in the majority of cases are result hard to remove to common people.
The awareness of being tracked can affect the users’ behavior?
To respond to the question, during the third week of the study, the researchers started sending the users ‘privacy nudges’ every time an app requested their location data. The response of the mobile app users was eloquent, 95 percent of participants reported that they would reassess their app permissions and 58 percent restricted Android mobile apps from collecting their personal data.
“The defaults for location data are entirely backward. That data should only be revealed at a particular moment for a particular purpose. Instead, devices routinely reveal location, leaving the user subject to constant tracking,” Marc Rotenberg, president of the privacy advocacy group, the Electronic Privacy Information Center told the WSJ.
The researchers will present full findings of the study next month at a conference at Seoul.
(Security Affairs – mobile apps, privacy)