Android apps sharing private data with advertisers
Contacts, location and calendar data shared
05 March 2012
A Channel 4 News investigation has found that many Android apps are sharing personal data with advertisers without clear consent.
In its investigation, Channel 4 found that, having sought permission to access data on the phone for use in the app itself, many popular free apps that carry advertising were also sharing that data with the advertisers and advertising networks. Data that was available to advertisers included contacts, location data and even calendar entries.
Channel 4 has highlighted a concern: it is not made clear that granting an app permission to access this data also extends that permission to the advertisers and networks that are featured in the app.
This follows a number of high-profile mobile privacy stories in recent weeks. On 16 February, Twitter admitted it stored the address books of users that used the 'Find Friends' feature of its iPhone app on its servers for 'up to 18 months'. Twitter was responding after another social network, Path, was caught downloading people's address books without permission. Shortly afterwards, major technology companies, including Apple, Google, Microsoft and Amazon, agreed new rules for ensuring users are given better information about what private information apps might access before people download them.
What private data is being shared?
Channel 4 News' research found that the MobClix advertising network, used by many of the apps it looked at, appears to gain access to users' contacts, location and calendar. It also found that there was no warning that a third party is going to gain access to this data, or even an option for the makers of the apps to warn users.
Channel 4 News does point out that 'It is perfectly possible that MobClix isn't actually storing the data, but we have no idea what it is doing with the data they have "permission" to access as the company hasn't responded to us'. It also acknowledges that it's hard to know if the app makers themselves know what's inside the advertising code they have put inside their applications and are aware of the situation.
What was Google's response?
Android, Google's operating system, told Channel 4 News that it 'has best practices for app makers to follow when it comes to user data but it does not screen applications before they are offered for download'. It does point out that before you download an app, it must warn the user with a list of the parts of the phone the app will gain access to when you install it. The problem is: do users read these lists before installing? And if you can't get the app without it, will many people just say yes anyway?
Which? says these apps are breaching our current data protection laws
Georgina Nelson, Which? senior in-house lawyer, says:
'The problem here is twofold. Expecting users to read the small print is a joke - especially as our recent research shows how this can run into the tens of thousands of words - PayPal's terms and conditions are longer than Hamlet. We need a slicker solution - anything which would be outside the user's reasonable expectations should be flagged up at the off. But this also highlights that these apps are simply breaching our current data protection laws - and nothing is being done about it. It simply shouldn't be happening in the first place. Google's defence would be their terms and conditions or best practice guidance for their app developers - but if this isn't enforced or policed - what's it actually worth? Let's also remember this isn't a new story - app developers have been getting away with similar data grabs on a whole host of other platforms.
'Let's see our ICO flexing their powers of fines to get this industry under some form of control.'