180 likes | 298 Views
Topic: Security / Privacy. “Your Apps Are Watching You”. Source: The Wall Street Journal Online. Presented By: Corey Campbell. Article Overview. Among our devices, smartphones know us best. Time for an investigation. The Wall Street Journal conducts an investigation:
E N D
Topic: Security / Privacy “Your Apps Are Watching You” Source: The Wall Street Journal Online Presented By: Corey Campbell
Article Overview Among our devices, smartphones know us best. Time for an investigation. • The Wall Street Journal conducts an investigation: • App analysis – iPhone & Android • Consumer protection • Ad networks
Introducing…Your Data Key categories being looked at:
Introducing…Your Data The ones that are watching your data:
What The Investigation Dealt With Examined 101 popular smartphone apps for iPhone & Android • Results included: • 56 apps transmitted phone’s unique device ID to other companies without user awareness or consent • 47 apps gave away the phone’s location • 5 apps sent age, gender, and other personal details outside of the app Intrusive behavior of online-tracking companies to append data to your profile
How Did The iPhone Do? iPhone sent off more data than Android phones (within 101 app test) An app that shard the most data: TextPlus 4 – iPhone text messaging app • sent iPhone’s UDID to 8 ad companies • phone’s zip code, user’s age & gender to 2 ad companies
Apple & Android Apps Pandora – popular music app • sent age, gender, location, and phone identifiers to different ad networks Paper Toss – game of tossing paper into trash can • sent phone’s ID number to at least 5 ad • companies
Some Comments Michael Becker of Mobile Marketing Association – “In the world of mobile, there is no anonymity” Device is always on and with us Apple supports a review of app before being offered publicly Apple & Android protect users from revealing data through permissions Tom Neumayr – Apple spokesman “We have created strong privacy protections for our customers, especially regarding location-based data. Privacy and trust are vitally important.
Getting Around The Rules Pumpkin Maker – pumpkin-carving game • gave away phone’s location to an ad network without asking permission • Apple declined to talk about this violation
What Are The App Makers Saying? • TextPlus 4 & Pandora: • Data passed is not linked to an individual • Personal details (such as age, gender) are volunteered by users • Pumpkin Maker: • Unaware of Apple’s guidelines to seek user approval before sending data • Paper Toss: • Did not want to comment
Consumer Protection • Privacy Policies: • 45 of the 101 apps did not provide a privacy policy • Apple & Google don’t require them
WSJ Designs A System • System intercepts and records data • Decodes data stream • Covered 50 iPhone apps & 50 Android apps
The Jury Is In • The most widely shared item was the phone’s identifier, or UDID for the iPhone. • ID is set by phone makers, carriers, or OS makers • Difficult to delete or hide
Why, Oh Why? • Meghan O’Holleran – Traffic Marketplace • Track everything by phone ID • Apps downloaded • Usage frequency • Time spent on app • Areas used in app • Data is combined, not linked to an individual
No Standards In Mobile • Apple sees UDID as “personally identifiable information” • Can be combined with info from App Store and iTunes In contrast, Google and most app makers don’t consider device IDs to be identifying information.
Ad Networks • An expanding industry • Mobclix – an ad exchange • Matches more than 25 ad networks with approximately 15,000 apps needing advertising • Takes phone IDs, encodes them, and assigns them to interest categories based on users’ usage factors. • Does a “best guess” of where person lives to mix location data from Nielsen Co. • Powerful system, but categories are still broad enough not to identify people.
An Example: Mobclix Inner-workings • Within a quarter-second, Mobclix can place a user in one of 150 segments it offers to advertisers • Segment types: “green enthusiasts”, “soccer moms” • “die hard gamers” segment: • 15 – 25 year old males • more than 20 apps on phone • use an app for more than 20 minutes at a time
The Ad Networks Have My Info • Claim data is anonymous and brings more relevant advertising • Google received most data overall in the tests by WSJ, but says it does not mix data from its ad units: AdMob, AdSense, Analytics, and DoubleClick • AdMob gives advertisers access to phone users by locations, device type, and demographics (gender, age group) • Apple has its iAd network – only for iPhone • Apple uses App Store and iTunes info to target ads.