A new study conducted by researchers at the Carnegie Mellon University revealed that dozens of mobile apps collect extensive location data.
A new study conducted by researchers at the Carnegie Mellon University revealed that a number of Android mobile apps collects geolocation data related to the users. According to the Wall Street Journal, the researchers discovered that the mobile apps track users every three minutes.
During the two weeks of the study, the researchers discovered that the mobile apps requested geolocation data an average of 6,200 times.
The experiment involved 23 Android users from the Carnegie Mellon student and Craigslist, the researchers requested them to use an arbitrary number of applications over the two weeks without providing them information regarding the apps that were being assessed. The researcher tracked the data requests made by the mobile apps by using a software they have specially designed.
The applications that collected the greatest number of data are Google Play Services (2,200), The Weather Channel’s app (2,000 requests) and Groupon (1,062 times).
It is normal that specific categories of mobile apps collect location data, but the frequency of the requests surprised the researchers.
“Does Groupon really need to know where you are every 20 minutes?” wrote Norman M. Sadeh, one of the author of the study asked Consumerist. “The person would have to be accessing Groupon in their sleep,”
Another disconcerting aspect of the research is that Android users totally ignore mobile apps collect their data:
“There are some applications where you could justify this level of frequency—think for instance of a navigation app.” “So the frequency by itself is not the problem. Instead it is whether the frequency is justified, and obviously whether users are informed of these practices and have some level of control.”
Most worrying are Google Play Services, because they are pre-installed on Android mobile devices and in the majority of cases are result hard to remove to common people.
The awareness of being tracked can affect the users’ behavior?
To respond to the question, during the third week of the study, the researchers started sending the users ‘privacy nudges’ every time an app requested their location data. The response of the mobile app users was eloquent, 95 percent of participants reported that they would reassess their app permissions and 58 percent restricted Android mobile apps from collecting their personal data.
“The defaults for location data are entirely backward. That data should only be revealed at a particular moment for a particular purpose. Instead, devices routinely reveal location, leaving the user subject to constant tracking,” Marc Rotenberg, president of the privacy advocacy group, the Electronic Privacy Information Center told the WSJ.
The researchers will present full findings of the study next month at a conference at Seoul.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.