Majority of Android Apps Contain Embedded User-Tracking: Report

Seventy-five percent of 300 Android apps tested by Exodus Privacy and analyzed by the Yale Privacy Lab contain embedded trackers. The affected apps include Uber, Tinder, Skype, Twitter, Spotify and Snapchat. The trackers are primarily used for targeted advertising, behavioral analytics and location tracking. They come as part of the app, and their presence and operation are likely unknown to the user at the time of installation.
Details are published in an analysis by the Yale Privacy Lab. It looked at 25 of the 44 trackers known to the French non-profit Exodus Privacy. Exodus analyzed 300 apps using its app scanning platform. According to its own research, the five most common embedded trackers are CrashLytics, DoubleClick, Localytics, Flurry and HockeyApp.
Despite this high number of trackers located by the research, Privacy Lab fears the problem could be worse. “The Exodus platform identifies trackers via signatures, like an anti-virus or spyware scanner, and thus can only detect trackers previously identified by researchers at the time of the scan.” It fears that trackers can be added to apps in software updates after installation, and that new trackers will simply not yet be identified by Exodus.
It also adds, “Tracker companies openly advertise Software Development Kits (SDKs) compatible with multiple platforms. Thus, advertising trackers may be concurrently packaged for Android and iOS, as well as more obscure mobile platforms.”
The analysis from Privacy Lab provides two examples that demonstrate its concern. Fidzup claims it has developed communication between a sonic emitter and a mobile phone. By diffusing a tone, inaudible to the human ear, inside a building, Fidzup can detect the presence of mobile phones and therefore their owners. “Users installing ‘Bottin Gourmand’, a guide to restaurants and hotels in France,” warns Privacy Lab, “would thus have their physical location tracked via retail outlet speakers as they move around Paris. Their experience would be shared by readers of car magazine app ‘Auto Journal’ and TV guide app ‘TeleStar’.”
This type of technology has probably been replaced by simple WiFi tracking but, warns the research, it closely resembles the practices of Teemo and SafeGraph. Teemo was embroiled in scandal earlier this year for studying the geolocation of 10 million French citizens, and SafeGraph collected 17 trillion location markers for 10 million smartphones during [Thanksgiving] last year.
However, the organization is particularly concerned about the use of trackers on the finances and healthcare of users. It cites Mon AXA, developed by a multinational insurance and finance firm, and found by Exodus to contain six trackers. Privacy Lab does not know what information is shared by these trackers. Other AXA apps, including ‘HealthLook’, ‘AXA Banque’, and ‘My Doctor’ also contain trackers.
Other health and finance apps that contain trackers include those from Aetna, the American Red Cross, WebMD, American Express, Discover, HSBC, Wells Fargo, and PayPal.
Privacy Lab is calling for greater transparency from Google over privacy and security practices for trackers. “Android users, and users of all app stores, deserve a trusted chain of software development, distribution, and installation that does not include unknown or masked third-party code.”