How Much Private Information Is Being Gathered From Your Phones?
Understanding Worldwide Private Information Collection on Android
Data has become the commodity that sustains much of the digital ecosystem. As smart devices, especially smartphones, become more central to our daily lives, mobile phones are turned into reliable sources of rich information about us (e.g., where you go, what activities you do, etc.).
Most mobile apps request access to some sort of information about you and obtain certain permissions on the device you are using. In most cases, information is shared and device permissions are enabled with your explicit consent.
Once the consent is given, however, it is impractical for users to recall which app collects what information, not to mention tracing the location the information is transmitted to and the actors who may further process, use, and control the data collected.
Therefore, it remains very challenging to obtain a comprehensive view of the information collected by those mobile apps. For instance, it is natural to ask questions like how many apps on my smartphone collect private information, what kind of private information these apps collect, which company processes and stores my private information, etc.
In a study we conducted together with researchers from Boston University, we investigate 22 categories of information that may affect the user’s privacy. We list them in Table 1.
Our goal is to address the above questions and understand worldwide private information collection on Android phones by analysing the flows of information (i.e., which app sends what information to which domain) generated by 2.1M unique apps installed by 17.3M users over 21 months between 2018 and 2019.
Table 1. The 22 categories of information collected by mobile apps that may affect the user’s privacy.
Is Private Information Collection Pervasive in Mobile Apps?
It is now a common practice that the apps installed on your smartphone request information about you and the device (e.g., your name, your email address, your location information) before you can use them. We try to understand if private information collection is pervasive in mobile apps.
By analysing our dataset, we discover that, on average, a mobile app sends private information to two unique domains. We also observe that over 57.6K apps (installed on 12.8M devices collectively) collect at least five unique categories of private information and send them to at least five unique domains. Our findings confirm that private information collection in mobile apps is universal and diversified at the same time, highlighting the need for an additional security and privacy layer on the device.
Figure 1. Top 25 data controllers ranked by the fraction of devices they collect private information from. These 25 data controllers collect private information from a total of 13.9M devices covering 80.2% of all devices used in this study.
For more information or to read the full post, please click: https://www.nortonlifelock.com/blogs/research-group/private-information-gathered-phone