Almost 9 in 10 Android Apps Are Able To Share Data With Google, Says Study

A peer-reviewed study [PDF] of almost one million Android apps has revealed how data from smartphones are harvested and shared, with nearly 90 percent of apps set up to transfer information back to Google. From a report: Researchers at Oxford university analysed approximately a third of the apps available in Google's Play Store in 2017 and found that the median app could transfer data to 10 third parties, with one in five apps able to share data with more than 20. This year has seen unprecedented scrutiny over how websites use the data they collect from their users, but little attention has so far been paid to the sprawling and fast-growing world of smartphone apps. Reuben Binns, the computer scientist who led the project, said that because most apps have now moved to a "freemium" model, where they make revenues from advertising rather than sales, data sharing has spiralled out of control.

Users, regulators and sometimes even the app developers and advertisers are unaware of the extent to which data flow from smartphones to digital advertising groups, data brokers and intermediaries that buy, sell and blend information, he said. "This industry was growing already on the webâ...âwhen smartphones came along, that was a new opportunity," he said. "It feels like this legitimate business model has gone completely out of control and created a kind of chaotic industry that is not understood by the people who are most affected by it."

Peak App

[PincushionMan]

So what you are saying is, "Now is not the time to get into app development", right?

Re:Peak App

No, what is being said here is that its time to get rid of your so called "smart"phone! Don't believe me? Just look at all of the stuff on your phone that most apps want access to (that they don't need to access to work)! I have a "dumb" phone that only does calls and texts...and I like it that way. The camera and microphone on a "smart" phone can be turned on remotely without you even knowing...most apps want access to pretty much all of the data on your phone. The collection, buying, and selling of people's data is one of the biggest businesses in the world...with more and more insanely greedy corporations wanting to cash in on the big bucks! (Cr)apple, Google, and most of the app makers are abusing the capabilities of the "smart" phones to steal user data and sell it. They won't admit it of course!

No shit.

[viperidaenz]

90% of Android apps use Google's free usage monitoring service and/or ad framework?

You don't say.

Re:No shit.

Nice strawman, but that's not the kind of innocuous data we're talking about here

But you know that, don't you? What's your agenda?

Re:No shit.

Fuck off you moronic Trump voter.

Re:No shit.

[viperidaenz]

Do you know what kind of data they're talking about?
The study used static analysis to search for hostnames in APK files. They matched the host names to those of known tracking companies.
The string "google.com" was found in 87.52% of apps. Of those, Google API's were 67.51 and Google's ad services (DoubleClick) were down at 60.85%.
Facebook was at 42.54%

That's the extent of it. They did no analysis of data and couldn't differentiate between advertising and analytics.

Another issue is
that without dynamic network traffic analysis of all apps, including
successful man-in-the-middle proxying and ability to interpret the
data payloads, we cannot confirm precisely what data is sent to each
tracker. Finally, different trackers serve different purposes; some
facilitate targeted advertising, while others are used for analytics.
Without further fine-grained distinctions between such purposes,
the figures presented here do not represent the full nuance and
variety of third party tracking and its impacts.

From 2010: The ad ecosystem

https://cdn.theatlantic.com/static/mt/assets/science/display_advertising_ecosystem_011011-1024x741.png

That was eight years ago.

Google business model

[sinij]

Free mobile phone OS written by biggest data collection and aggregation company is prone to and open to abusive unrestricted data collection. News at 11.

Re:Google business model

99% of this is likely just crash/app metrics. Not surprising, not ground shaking, and apple (et al) also do this.

Headline would be more accurate saying "All smartphone apps collect crash and usage data" (even though technically that would be also wrong as it would be Apple/Google/etc collecting that to provide to devs control panels so they can see where their apps are crashing.

Conspicuous absence of headlines about Microsoft and Windows Telemetry data collections, windows inking, speech, etc *cough* *cough*. Also cameras in supermarkets, user tracking in shops, even eye tracking of shoppers (yes, this is a thing, and it exists).

Your car even collects information about you (this would be on star, other remote diagnostics provided by the manufacturer, vehicle 'tracking' solutions required by insurance for anti-theft, etc, etc). All your data gets collected.

What you watched last night on your cable TV or sky box gets collected and sold on to others.

CCTV with face recognition, ANPR numberplate scanners track you (and I bet that data gets sold on as well - I'm looking at you too, trafficmaster)

Even crime data gets sold on (so you can see crime statistics and locations in your area - at least we have that in the UK).

Google and Apple aren't the top data aggregators. They're big ones, but not the ones with the most information about *every* *fucking* *citizen* in your country.

Re:Google business model

Why are you defending Google? Who the fuck do you think you are?
Google needs to be crushed. Its employees unemployed. Its data centers destroyed. This company is cancer.

NO. ALL of them do. By definition!

They run on Android. Android is the godking on the device. The gatekeeper between all the App’s IO. Screen, keyboard, everything.

And Android (not just AOSP) is Google. It can, itself, share whatever it pleases, as long as the laws or shadows allow it. Even demand it, if you want into the Play "store". Hell, even the bytecode is compiled for the target device, by Google's VM. Adding and removing whatever and having it behave however it pleases.

Not saying Android necessarily does. AFAIK, it still does it less than e.g. Windows 10.
But the point of the "study" is kinda moot at that point, don't you think?

Re: NO. ALL of them do. By definition!

Especially now they are offering a service where instead of uploading a signed .APK, you upload some other bundle and THEY compile and sign final packages for each platform.

And by the way if your app uses push notifications, you have to agree to share data with Google or you cant even register it with firebase

The ONLY reason I own an Iphone.

I'll take Apple over Google. Thankfully Apple has sided with an individual's right to privacy. It's the only reason I own iphone.

Re: The ONLY reason I own an Iphone.

That and the decided lack of malware. The Play store is riddled with it. Never happens in the App store. Simply does not happen.

Re: The ONLY reason I own an Iphone.

[Adambomb]

I'll agree it happens far less frequently but it does happen: https://us.norton.com/internet...

Re: The ONLY reason I own an Iphone.

How can you know? Nobody can scan executables on idevices en-masse. All of the white hat malware that has ever been on the app store has been self-reported. Even a company as large as Niantic was actively bypassing security restrictions to scan for cheats -- and they got away with it to for quite some time. The app was never pulled off the store, and nobody's any wiser.

APL will gladly "sell your info" -- they have their own advertising platform that they force devs into.

So not sure what the difference is.

10 of 10 apps

are out to get you.

Its not paranoia if you right.

Re:10 of 10 apps

Here you go, have an upvote.

Well, that did not go as planned. I've got to remember to not comment in stories I'm moderating.

We're post-web, and post-app.

Just write your program in your favorite language, and have LLVM and a few tools compile it into an "app", or a WebAssembly program, or a console game, or whatever you like. Apart from just a plain old program.

With the right widget library, no problem. As long as all the libraries you use can run on the same base API that is available everywhere.

Android vs iOS

And to think that I was considering buying my first Android phone when my Mickysoft phone dies..... this story is a win-win for Apple.

Peer reviewed?

[Mondragon]

Since when did papers on Arxiv get a claim of peer review? I mean, ok, I guess I read it. So sure.

the need ?

To be fair, a big 80% of them don't even need them. There should be some regulation on what data I need to share cause right now it feels like an open bar and everyone is taking advantage of this obviously.

Open letter to all my friends

Particularly the Android fanbois and Apple hatorz.

I keep thinking maybe I'll try an Android for my next phone

And then I read this kind of stuff.

No thanks. I'll keep my iPhone.

Re:Open letter to all my friends

[tsa]

Haha, my thoughts exactly.

almost 9 out of 10

[mschoolbus]

So really... 8/10 apps are able to send data to Google?

Re:almost 9 out of 10

[techno-vampire]

That's an interesting thought. What I wonder is how many of those apps actually do send data to Google? Just because they're able to doesn't mean that they're doing it.

Re:almost 9 out of 10

Yup, this phrasing is always targeted at Android. Meanwhile, the millions of infections and passwordless root on idevices and icomputers just get "oh, there's 1 vulnerability", not "EVERY USER WAS AT RISK".

Sadly, it sways the people who don't know how to read this garbage properly. Just ... firewall google... or deny extranous permissions... or just not use google. Many ways around it EVEN IF it was as bad as they say it was.

It's hilarious watching this stuff happen in real life. I watch the Pokemon Go spoofing community and Android always has far more problems trying to bypass security than idevices.

LOL

Re:almost 9 out of 10

[nasch]

Actually there are numbers between 8 and 9, believe it or not.

Shouldn't they be giving us the phones free then?

A la Windows 10? It would be a more palatable if I were being given a new Pixel every 12 months...

Apple

Another huge win for Apple. Who the hell would want anything Google when these apps spend most of their time doing what Google does best, which is tracking you and selling your private life?

Slashdot shares data with Google too

A quick view-source on this very page reveals plenty of google tags and other nice third party surprises.

Independent App Review website?

Is there an independent website out there that determines what apps are collecting and gives them a rating based on privacy?

I often take a leery eye at "free" apps that don't seem to push many ads my way, but must be generating income via some stream. I'd love to have a resource that explains what apps are doing to generate their income on our behalf.

wishful thinking??