Majority of Android Apps Contain Embedded User-Tracking: Report

Seventy-five percent of 300 Android apps tested by Exodus Privacy and analyzed by the Yale Privacy Lab contain embedded trackers; the apps affected include Uber, Tinder, Skype, Twitter, Spotify and Snapchat. The trackers are primarily used for targeted advertising, behavioral analytics and location tracking. They come as part of the app, and their presence and operation are likely unknown to the user at the time of installation.
Details are published in an analysis by the Yale Privacy Lab. It looked at 25 of the 44 trackers known to the French non-profit Exodus Privacy. Exodus analyzed 300 apps using its app scanning platform. According to its own research, the five most common embedded trackers are CrashLytics, DoubleClick, Localytics, Flurry and HockeyApp.
Despite this high number of trackers located by the research, Privacy Lab fears the problem could be worse. “The Exodus platform identifies trackers via signatures, like an anti-virus or spyware scanner, and thus can only detect trackers previously identified by researchers at the time of the scan.” It fears that trackers can be added to apps in software updates after installation, and that new trackers will simply not yet be identified by Exodus.
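The signature-matching limitation Privacy Lab describes, as an added example (not code from Exodus Privacy or the original article): an app's class names are matched against known tracker package prefixes, and third-party packages that match no signature are listed for manual review. The signature patterns, the app `com.example.guide` and the `com.unlisted.sdk` package are assumptions constructed for illustration.

```python
import re

# Illustrative class-name signatures (assumption: package prefixes of the five
# trackers the article names; NOT Exodus Privacy's actual signature set).
SIGNATURES = {
    "CrashLytics": r"^com\.crashlytics\.",
    "DoubleClick": r"^com\.google\.android\.gms\.ads\.doubleclick\.",
    "Localytics": r"^com\.localytics\.",
    "Flurry": r"^com\.flurry\.",
    "HockeyApp": r"^net\.hockeyapp\.",
}
COMPILED = {name: re.compile(rx) for name, rx in SIGNATURES.items()}

# Platform and runtime packages that are not third-party SDKs of interest.
PLATFORM_PREFIXES = ("android.", "androidx.", "java.", "kotlin.")


def scan(class_names, app_package):
    """Return (known trackers found, third-party packages matching no signature)."""
    found, unmatched = set(), set()
    for cls in class_names:
        hit = next((n for n, rx in COMPILED.items() if rx.search(cls)), None)
        if hit:
            found.add(hit)
        elif not cls.startswith((app_package + ".",) + PLATFORM_PREFIXES):
            # Neither a known tracker nor app/platform code: the signature
            # scan stays silent here, so surface the package for review.
            unmatched.add(".".join(cls.split(".")[:3]))
    return sorted(found), sorted(unmatched)


def update_diff(old, new, app_package):
    """Trackers and unrecognized packages that an update introduced."""
    old_found, old_unknown = scan(old, app_package)
    new_found, new_unknown = scan(new, app_package)
    return (sorted(set(new_found) - set(old_found)),
            sorted(set(new_unknown) - set(old_unknown)))


# Constructed class lists for two versions of a hypothetical app.
V1 = ["com.example.guide.MainActivity", "com.crashlytics.android.Crashlytics",
      "com.flurry.android.FlurryAgent", "androidx.core.app.ActivityCompat"]
# The update bundles a hypothetical SDK that no signature covers yet.
V2 = V1 + ["com.unlisted.sdk.Beacon", "com.unlisted.sdk.LocationUploader"]

if __name__ == "__main__":
    print(scan(V1, "com.example.guide"))
    print(update_diff(V1, V2, "com.example.guide"))
```

For the update, the tracker list is unchanged while `com.unlisted.sdk` appears only in the unmatched set, which is the blind spot the report warns about.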
It also adds, “Tracker companies openly advertise Software Development Kits (SDKs) compatible with multiple platforms. Thus, advertising trackers may be concurrently packaged for Android and iOS, as well as more obscure mobile platforms.”
The analysis from Privacy Lab provides two examples that demonstrate its concern. Fidzup claims it has developed communication between a sonic emitter and a mobile phone. By diffusing a tone, inaudible to the human ear, inside a building Fidzup can detect the presence of mobile phones and therefore their owners. “Users installing ‘Bottin Gourmand’, a guide to restaurants and hotels in France,” warns Privacy Lab, “would thus have their physical location tracked via retail outlet speakers as they move around Paris. Their experience would be shared by readers of car magazine app ‘Auto Journal’ and TV guide app ‘TeleStar’.”
This type of technology has probably been replaced by simple WiFi tracking, but, the research warns, it closely resembles the practices of Teemo and SafeGraph. Teemo was embroiled in scandal earlier this year for studying the geolocation of 10 million French citizens, and SafeGraph collected 17 trillion location markers for 10 million smartphones during Thanksgiving last year.
However, the organization is particularly concerned about the use of trackers in relation to the finances and healthcare of users. It cites Mon AXA, developed by a multinational insurance and finance firm, and found by Exodus to contain six trackers. Privacy Lab does not know what information is shared by these trackers. Other AXA apps, including ‘HealthLook’, ‘AXA Banque’, and ‘My Doctor’, also contain trackers.
Other health and finance apps that contain trackers include those from Aetna, the American Red Cross, WebMD, American Express, Discover, HSBC, Wells Fargo, and PayPal.
Privacy Lab is calling for greater transparency from Google over privacy and security practices for trackers. “Android users, and users of all app stores, deserve a trusted chain of software development, distribution, and installation that does not include unknown or masked third-party code.”