Oxford researchers expose personal data harvesting in third-party Facebook and Google apps

Study finds that data slurping is building up highly personal profiles of users

Research into 959,000 apps has discovered that vast amounts of personal data is finding its way into the hands of companies such as Facebook and Google via third-party apps.

According to a study by scientists at the University of Oxford probing the apps on Google's Play Store in the US and UK, 88% of third-party apps transfer data to Google's parent company Alphabet. Facebook receives third-party data from 43 per cent of apps, Twitter 34 per cent, Verizon, 26 per cent, Microsoft 23 per cent, and Amazon 18 per cent, according to the research.

Among the types of data collected by tech companies include age, gender, location, usage pattern, to name a few. This data is used by tech giants to develop extremely personalised profiles of users and their behaviour.

"This enables construction of detailed profiles about individuals, which could include inferences about shopping habits, socio-economic class or likely political opinions. These profiles can then be used for a variety of purposes, from targeted advertising to credit scoring and targeted political campaign messages," said researchers.

The data from apps is sent to tech companies via third-party trackers. The researchers found that many apps were targeted at children and gathering data from them. Revenues from online advertising are more than $59bn (45bn) per year in the US alone, according to researchers.

"We find that most apps contain third-party tracking, and the distribution of trackers is long-tailed with several highly dominant trackers accounting for a large portion of the coverage," the report said. "The extent of tracking also differs between categories of apps; in particular, news apps and apps targeted at children appear to be amongst the worst in terms of the number of third-party trackers associated with them. Third-party tracking is also revealed to be a highly trans-national phenomenon, with many trackers operating in jurisdictions outside the EU."

Researchers said that the findings suggested that "there are challenges ahead both for regulators aiming to enforce the law, and for companies who intend to comply with it".

"Full audits of mobile app stores such as this could help regulators identify areas to focus on," they added. 

According to reports from Business Insider, a spokesperson for Google said that the data collected was used for "ordinary functions" such as information on an app crashing.

"We have clear policies and guidelines for how developers and third-party apps can handle data and we require developers to be transparent and ask for user permission. If an app violates our policies, we take action," the spokesperson said.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020