How mobile apps follow us

Immediately after installation on a smartphone, mobile applications begin to collect information, requesting permission to access the programs and finding out the personal data of users. In this case, even if we are careful and do not give such permissions, there is a way by which most applications still manage to secretly receive information.

According to a study by Oxford University experts, nearly a third of all applications on the Play Store are associated with at least ten third-party SDKs, and every fifth application sends information to twenty SDKs. In the case of widespread free applications, this figure is even higher. For example, the Tinder application is associated with 51 SDKs, Airbnb with 41, and ESPN with 40.

Most SDKs collect information that we usually don’t attach importance to. They track our actions within applications, the places where we spend most of the time, advertisements that we pay attention to more often and so on. However, such “harmless” actions can do great harm to our privacy.

According to the same study, 88% of applications sent information to companies owned by Alphabet (the parent company of Google), and 43% to services owned by Facebook.

Thus, acting through hundreds of thousands of SDKs, companies like Facebook and Google get the opportunity to customize our digital profile in their database and send us targeted advertising. For example, if a woman in position installs a maternity app on her smartphone, very soon she begins to see advertisements for baby products.

Developers justify the SDK by stating that all data is stored anonymously, and confidential information (such as phone numbers) is never transmitted. In fact, large companies have the ability to access information in our digital profile. The application may not tell the SDK your name or email address, but they can be calculated independently by comparing with the information already available.

It is also worth noting that data sent to the SDK is not always encoded. Kaspersky Lab experts found that 4 million Android applications send information about users in unencrypted form, including names, phone numbers, email addresses and even GPS coordinates.

Another factor that allows the SDK to transmit information is that all permissions are hidden in the Application Privacy Policy, and often developers cannot clearly explain what users give permission to. In addition, application security settings do not apply to third-party SDKs, which leaves people no choice.

Interestingly, up to Android 10 SDKs, they could transfer permissions between two applications that were not connected to each other. For example, if application A has permission to determine location, but application B does not, but both use the same SDK, application B is likely to use resolution A and collect GPS data.

Thus, our privacy directly depends on the weakest link in the application chain, and in the case of smartphones - this is the SDK. Unfortunately, this cannot be changed at the moment. Let's hope that the next versions of Android and IOS will have better protection from third-party trackers.

Post a Comment