Oxford researchers expose personal data harvesting in third-party Facebook and Google apps

Faces in binary code to represent privacy
(Image credit: Shutterstock)

Research into 959,000 apps has discovered that vast amounts of personal data is finding its way into the hands of companies such as Facebook and Google via third-party apps.

According to a study by scientists at the University of Oxford probing the apps on Google's Play Store in the US and UK, 88% of third-party apps transfer data to Google's parent company Alphabet. Facebook receives third-party data from 43 per cent of apps, Twitter 34 per cent, Verizon, 26 per cent, Microsoft 23 per cent, and Amazon 18 per cent, according to the research.

Among the types of data collected by tech companies include age, gender, location, usage pattern, to name a few. This data is used by tech giants to develop extremely personalised profiles of users and their behaviour.

"This enables construction of detailed profiles about individuals, which could include inferences about shopping habits, socio-economic class or likely political opinions. These profiles can then be used for a variety of purposes, from targeted advertising to credit scoring and targeted political campaign messages," said researchers.

The data from apps is sent to tech companies via third-party trackers. The researchers found that many apps were targeted at children and gathering data from them. Revenues from online advertising are more than $59bn (45bn) per year in the US alone, according to researchers.

"We find that most apps contain third-party tracking, and the distribution of trackers is long-tailed with several highly dominant trackers accounting for a large portion of the coverage," the report said. "The extent of tracking also differs between categories of apps; in particular, news apps and apps targeted at children appear to be amongst the worst in terms of the number of third-party trackers associated with them. Third-party tracking is also revealed to be a highly trans-national phenomenon, with many trackers operating in jurisdictions outside the EU."

Researchers said that the findings suggested that "there are challenges ahead both for regulators aiming to enforce the law, and for companies who intend to comply with it".

"Full audits of mobile app stores such as this could help regulators identify areas to focus on," they added.

According to reports from Business Insider, a spokesperson for Google said that the data collected was used for "ordinary functions" such as information on an app crashing.

"We have clear policies and guidelines for how developers and third-party apps can handle data and we require developers to be transparent and ask for user permission. If an app violates our policies, we take action," the spokesperson said.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.