Topic: Security / Privacy “Your Apps Are Watching You” Source: The Wall Street Journal Online...
-
Upload
gwenda-foster -
Category
Documents
-
view
213 -
download
0
Transcript of Topic: Security / Privacy “Your Apps Are Watching You” Source: The Wall Street Journal Online...
Topic: Security / Privacy
“Your Apps Are Watching You”
Source: The Wall Street Journal Online
Presented By: Corey Campbell
Article Overview
Among our devices, smartphones know us best.
The Wall Street Journal conducts an investigation:
App analysis – iPhone & Android Consumer protection Ad networks
Time for an investigation.
Introducing…Your Data
Key categories being looked at:
CATEGORY PROCESS
User name, password Create an account : interact with Facebook
Contacts Access to address book : permission
Age, gender Captured by a form
Location GPS : triangulate with Wi-Fi or cell signals
Phone ID Phone’s SSN : hard to delete
Phone number Passed to app maker or Facebook
Introducing…Your Data
The ones that are watching your data:
WHO MORE INFO
App owner Ones that create or operate the app:
Once data is obtained, few restrictions governing the use of it
Third parties Marketers and companies that monitor app usage:
Create detailed profiles of users
What The Investigation Dealt With
Examined 101 popular smartphone apps for iPhone & Android
Results included:
56 apps transmitted phone’s unique device ID to other companies without user awareness or consent
47 apps gave away the phone’s location
5 apps sent age, gender, and other personal details outside of the app
Intrusive behavior of online-tracking companies to append data to your profile
How Did The iPhone Do?
iPhone sent off more data than Android phones (within 101 app test)
An app that shard the most data:
TextPlus 4 – iPhone text messaging app
sent iPhone’s UDID to 8 ad companies
phone’s zip code, user’s age & gender to 2 ad companies
Apple & Android Apps
Pandora – popular music app
sent age, gender, location, and phone identifiers to different ad networks
Paper Toss – game of tossing paper into trash can
sent phone’s ID number to at least 5 ad companies
Some Comments
Michael Becker of Mobile Marketing Association –
“In the world of mobile, there is no anonymity”
Device is always on and with us
Apple supports a review of app before being offered publicly
Apple & Android protect users from revealing data through permissions
Tom Neumayr – Apple spokesman
“We have created strong privacy protections for our customers, especially regarding location-based data. Privacy and trust are
vitally important.
Getting Around The Rules
Pumpkin Maker – pumpkin-carving game
gave away phone’s location to an ad network without asking permission
Apple declined to talk about this violation
What Are The App Makers Saying?
TextPlus 4 & Pandora:
Data passed is not linked to an individual
Personal details (such as age, gender) are volunteered by users
Pumpkin Maker:
Unaware of Apple’s guidelines to seek user approval before sending data
Paper Toss:
Did not want to comment
Consumer Protection
Privacy Policies:
45 of the 101 apps did not provide a privacy policy
Apple & Google don’t require them
WSJ Designs A System
System intercepts and records data
Decodes data stream
Covered 50 iPhone apps & 50 Android apps
The Jury Is In
The most widely shared item was the phone’s identifier, or UDID for the iPhone.
ID is set by phone makers, carriers, or OS makers
Difficult to delete or hide
Why, Oh Why?
Meghan O’Holleran – Traffic Marketplace
Track everything by phone ID
Apps downloaded Usage frequency Time spent on app Areas used in app
Data is combined, not linked to an individual
No Standards In Mobile
Apple sees UDID as “personally identifiable information”
Can be combined with info from App Store and iTunes
In contrast, Google and most app makers don’t consider device IDs to be identifying information.
Ad Networks
An expanding industry
Mobclix – an ad exchange
Matches more than 25 ad networks with approximately 15,000 apps needing advertising
Takes phone IDs, encodes them, and assigns them to interest categories based on users’ usage factors.
Does a “best guess” of where person lives to mix location data from Nielsen Co.
Powerful system, but categories are still broad enough not to identify people.
An Example: Mobclix Inner-workings
Within a quarter-second, Mobclix can place a user in one of 150 segments it offers to advertisers
Segment types: “green enthusiasts”, “soccer moms”
“die hard gamers” segment:
15 – 25 year old males more than 20 apps on phone use an app for more than 20 minutes at a time
The Ad Networks Have My Info
Claim data is anonymous and brings more relevant advertising
Google received most data overall in the tests by WSJ, but says it does not mix data from its ad units: AdMob, AdSense, Analytics, and DoubleClick
AdMob gives advertisers access to phone users by locations, device type, and demographics (gender, age group)
Apple has its iAd network – only for iPhone
Apple uses App Store and iTunes info to target ads.