Cellebrite is now synonymous with newer iPhone data read out (Photo: apple.com) The Israeli…
Apps: Sensitive data often end up in countries with bad data protection
The majority of Android apps not only collect data, but also pass it on to external companies. This has been noted by staff of the “International Computer Science Institute” (ICSI) in Berkeley around Narseo Vallina. The ICSI researchers turned the tables and traced the apps themselves with the Android app “Lumen Privacy Monitor” and over 1,600 voluntary testers.
When an app is installed, you must be granted certain permissions, such as access to location, contacts, or photos. Once there is an approval, the app can do what it wants with the data. 70 percent of the applications provide personal information to tracking services such as Google Analytics, the Facebook Graph API or Crashlytics, the researchers report.
Forty percent of the tracers also collected data that could clearly identify the user’s device, such as the telephone number or IMEI number. By combining the collected data from several apps, the smartphone users and their interests can be further clarified. Half of the App-Tracker also used cross-device tracking, which also includes search queries and usage behavior on devices other than the smartphone.
Lascher data protection abroad
The app-related app lumen makes it possible to see on which servers the most personal data can be found: 60 percent of the tracking pages are located in the USA, UK, France, Singapore, China or South Korea. These six countries also use mass surveillance technologies, warns Narseo Vallina. Thus, authorities could easily access this data, even if the users live in countries with more stringent data protection laws like in Germany or Switzerland.
Children in sight
It is also frightening that some children are already under the watchful eye of the tracker: 10 percent of the tested apps collected the unique MAC address of the WLAN router. This is particularly dangerous because it can also be used to track children’s residential address, which may even violate rules for the protection of children’s privacy, concludes the ICSI researchers around Vallina.