Surprise: Android apps are riddled with trackers

Hundreds of apps put snoops to work, and then there's 'supersonic tone tracking'

In case you're wondering, yes, there's a good chance at least some of your Android apps have tracked you rather more than you expect.

That's the conclusion of a joint project between Yale University's Privacy Lab and French non-profit Exodus Privacy, which has this month documented snoopware features in apps from Uber, Tinder, Skype, Twitter, Spotify, and Snapchat, the university said.

The 25 trackers outlined by Privacy Lab are a subset of 44 that Exodus Privacy discovered by scanning Google Play apps looking for signatures it developed to identify tracking code. The full Exodus list is here.

Exodus said it wants to find helpers for the project, and published its analysis software at GitHub.

Yale said the trackers are mostly used “for targeted advertising, behavioural analytics, and location tracking”, all of which may be legitimate applications, but often operated without users' knowledge.

Lack of transparency about the collection, transmission, and processing of data via these trackers raises serious privacy concerns and may have grave security implications for mobile software downloaded and in active use by billions of people worldwide.

Of 300 apps Exodus has analysed, Yale says, 75 per cent contain trackers. Some of them are familiar names, like Google's DoubleClick, and some seem relatively benign (it's clear what CrashLytics is for).

Users might be less pleased that apps are sending their name, phone number, e-mail address, login, IP address and device ID to OutBrain, and other trackers like Ad4Screen are pervasive across a huge number of publishers and platforms.

Yale's post also detailed the use of “supersonic tone tracking” in the tracker FidZup, which allowed a French restaurant guide called Bottin Gourmand to track users' physical location “via retail outlet speakers”. It then shared that information with other publication apps, Auto Journal and the TeleStar TV guide.

Don't feel smug if you're an iPhone user: the Privacy Lab post said the tracker companies advertised iOS versions of their software, but auditing iOS apps is difficult. ?


Biting the hand that feeds IT ? 1998–2017