Yup, mobile apps found in both Google Play and Apple’s App Store transmit mobile users’ private data to third parties on a regular basis. What is worse is that they often do it with minimum notice or even none at all. This is what a group of researchers have found when they examined the behavior of more than a hundred mobile apps.
What the researchers did is take 55 of the most popular mobile apps from Google Play and the Apple App Store and analyzed them. They found that a sizable chunk of the apps examined frequently provided Google, Apple, and other third parties with the mobile users’ email addresses, complete names, and physical location information. Android apps on average transmitted user information to 3.1 third party domains, while iOS apps do it to 2.6 third party domains. Sometimes, health related mobile apps sent searches including terms such as herpes and interferon to a minimum of five domains and they are doing it without notifying the mobile user.
For Android mobile apps, the most commonly sent personal information was email address data, with 73 percent of the apps analyzed sending that data. Overall, 49 percent of Android apps transmitted mobile users’ full names, 33 percent sent users’ current GPS location, 25 percent sent addresses, and 24 percent sent a device’s IMEI or other details. Meanwhile, a specific app from Drugs.com transmitted the medical search terms herpes and interferon to five domains, including doubleclick.net, googlesyndication.com, intellitxt.com, quantserve.com, and scorecardresearch.com, even though those domains have not received other personal data.
Another cause for concern was the finding that Android mobile apps were sending third parties potentially sensitive combinations of information. For instance, Facebook got users’ names and locations from seven of the apps examined by researchers, namely Pinterest, American Well, Groupon, RunKeeper, Tango, Text Free, and Timehop. The Appboy.com domain got all the data from an app called Glide. Moreover, the researchers found that 51 of the 55 Android apps analyzed connected to the safemovedm.com domain.
As for iOS mobile apps, they most often transmitted third parties information about a user’s location, with 47 percent of the apps examined sending that data. 18 percent of apps sent full names, while 16 percent sent email addresses. The Pinterest app sent names to four third party domains -- yoz.io, facebook.com, crittercism.com, and flurry.com.
Other sensitive data was also being plundered. Period Tracker Lite, for example, sent symptom related terms such as insomnia to apsalar.com, while job search apps from Indeed.com and Snagajob sent employment related terms such as nurse and car mechanic to four domains (207.net, healthcareresource.com, google-analytics.com, and scorecardresearch.com).
