In today’s world, mobile phones are the essential part of one’s life. Almost every individual has his personal information stored in these gadgets. Also, these Smartphones reveal plenty of knowledge about the users such as the location, routine habits, people to whom they are connected and much more.
With such data residing inside the Smartphone, users tend to take protective measures such as passwords and PIN codes. However, they lack the awareness about online privacy and the fact that more than 70 percent of the apps are transferring their personal data to the third party organizations such as Google Analytics, Facebook Graph API or Crashlytices.
Yet, a truth regarding the collection of data by these mobile apps is that they need some information to work properly. For instance, a map app could not be efficient without tracking your GPS location. Also, some of the apps take user’s permission for collecting personal data, at the time of download. And this is a positive side of apps.
However, once these apps get the permission of collecting data then they could transfer it to the third parties for various reasons such as for advertising purpose.
Impacts of Code Libraries
The app’s collected data doesn’t just remain in the mobile phone, but, it could travel to other servers for getting the designated information. For instance, a mapping app could get your location and transfer it to a server run by the app developer to determine your desired destination through locating directions.
Also, the information could be sent to any other place as well. Just as the sites, many of the apps are prepared by combining the different features that are pre-coded by third party libraries such as the companies and other developers. Through these libraries, developers could get the user information and track their social media habits, online engagements and earn money through delivering advertisements.
Whereas, these libraries could develop a detailed profile of a certain user through tracking his app usage. For instance, an individual could give the location access to a certain app and can allow an another app to know his contacts. But, if both the apps contain the same third party library than the library developers could combine these data pieces together to establish detailed information.
Lumen; Data Analyzing App
The users could now know the fact that how much of their data is been collected by the apps without their permission. For this purpose, International Computer Science Institute (ICSI), UC Berkeley and IMDEA Networks, has developed an Android app known as Lumen Privacy Monitor. It monitors the data traffic send out by the apps to report that which application and online service is actively harvesting personal information.
Through Lumen, a user could see the data that is being collected by the installed app and to whom they are sharing the data. Also, these individuals are provided with an easy guide to understand the working of this app. However, the Lumen app asks the users to collect their data so that they could further research on the behavior of apps that are collecting user data. But, this data does not include any kind of individual’s personal or sensitive data.
Using Lumen could help people to know that whether the app running on their mobiles are sending user’s sensitive data out of the phone, to which websites they are transmitting this information, which network protocol these apps are using and what kind of personal data each app sends to each site.
Since October 2005, more than 1600 individuals have downloaded the Lumen app. Through analyzing more than 5000 mobile apps for these users, Lumen has found 589 websites that are tracking users for advertising purpose. Such sites also include social sites like Facebook, popular searching sites like Google and Yahoo, and online marketing organizations under the influence of internet service providers such as Verizon and wireless.
However, the Lumen app found that almost 70 percent of the apps are connected to at least one tracker and the 15 percent were found connected to five or more trackers. Also, one in every four trackers collects at least one unique device identifier, such as a mobile number or its device-specific unique 15-digit IMEI number.
Unique identifiers are crucial for online tracking purpose as they could connect various types of personal data provided by different apps to a particular individual or device. However, most people including the privacy seekers are unaware of these hidden practices.
Not Just a Mobile Issue
The trackers not just use mobile phones to monitor user’s activity. More than half of the trackers also track users through the internet sites. The technique is known as ‘Cross-device’ through which these services could build a much more detailed and complete profile of user’s online persona.
However, the individual tracking websites are not independent of the others. Also, some of these are owned by the same corporate owners and there is always a possibility that the various sites merge. For instance, Google’s parent company, Alphabet, owns many tracking domains such as Google Analytics, DoubleClick or AdMob. Through these, they collect information from more than 48 percent of the apps.
Yet, the users are not given the protections by their home countries also. Therefore, it is revealed that the personal data of internet users is being transferred across national borders which raise a question regarding nation’s privacy laws.
More than 60 percent of tracking site connected servers was found to be linked with the countries such as U.S., U.K., France, Singapore, China and South Korea. Also, all of these countries have implemented Mass Surveillance technologies for the citizen’s online activities. Therefore, the users living in countries with strong citizen privacy laws such as Germany, Switzerland or Spain, could be tracked if the government agencies are in these places.
This is small research information that has been collected through monitoring certain user’s mobile phones and apps. Therefore, it might be possible that only a few trackers are been identified and reported. That’s why for individuals who are continuously inserting their personal data into mobile phones, should remain vigilant while using apps.
Also, as an internet user, it is necessary to be aware of app’s policies before downloading it into your device. Yet, an important thing to remember is that not only the apps but the internet sites are also tracking you.