RESEARCHERS AT YALE Privacy Lab and French nonprofit Exodus Privacy have documented the proliferation of tracking software on smartphones, finding that weather, flashlight, rideshare, and dating apps, among others, are infested with dozens of different types of trackers collecting vast amounts of information to better target advertising.
Exodus security researchers identified 44 trackers in more than 300 appsfor Google’s Android smartphone operating system. The apps, collectively, have been downloaded billions of times. Yale Privacy Lab, within the university’s law school, is working to replicate the Exodus findings and has already released reports on 25 of the trackers.
Yale Privacy Lab researchers have only been able to analyze Android apps, but believe many of the trackers also exist on iOS, since companies often distribute for both platforms. To find trackers, the Exodus researchers built a custom auditing platform for Android apps, which searched through the apps for digital “signatures” distilled from known trackers. A signature might be a tell-tale set of keywords or string of bytes found in an app file, or a mathematically-derived “hash” summary of the file itself.
The findings underscore the pervasiveness of tracking despite a permissions system on Android that supposedly puts users in control of their own data. They also highlight how a large and varied set of firms are working to enable tracking.
“I think people are used to the idea, whether they should be or not, that Lyft might be tracking them,” said Sean O’Brien, a visiting fellow at Yale Privacy Lab. “And they’re used to the fact that if Lyft is on Android and coming from Google Play, that Google might be tracking them. But I don’t think that they think that their data is being resold or at least redistributed through these other trackers.”
…click on the above link to read the rest of the article…