Oxford researchers expose personal data harvesting in third-party Facebook and Google apps
Study finds that data slurping is building up highly personal profiles of users
Research into 959,000 apps has discovered that vast amounts of personal data is finding its way into the hands of companies such as Facebook and Google via third-party apps.
According to a study by scientists at the University of Oxford probing the apps on Google's Play Store in the US and UK, 88% of third-party apps transfer data to Google's parent company Alphabet. Facebook receives third-party data from 43 per cent of apps, Twitter 34 per cent, Verizon, 26 per cent, Microsoft 23 per cent, and Amazon 18 per cent, according to the research.
Among the types of data collected by tech companies include age, gender, location, usage pattern, to name a few. This data is used by tech giants to develop extremely personalised profiles of users and their behaviour.
"This enables construction of detailed profiles about individuals, which could include inferences about shopping habits, socio-economic class or likely political opinions. These profiles can then be used for a variety of purposes, from targeted advertising to credit scoring and targeted political campaign messages," said researchers.
The data from apps is sent to tech companies via third-party trackers. The researchers found that many apps were targeted at children and gathering data from them. Revenues from online advertising are more than $59bn (45bn) per year in the US alone, according to researchers.
"We find that most apps contain third-party tracking, and the distribution of trackers is long-tailed with several highly dominant trackers accounting for a large portion of the coverage," the report said. "The extent of tracking also differs between categories of apps; in particular, news apps and apps targeted at children appear to be amongst the worst in terms of the number of third-party trackers associated with them. Third-party tracking is also revealed to be a highly trans-national phenomenon, with many trackers operating in jurisdictions outside the EU."
Researchers said that the findings suggested that "there are challenges ahead both for regulators aiming to enforce the law, and for companies who intend to comply with it".
"Full audits of mobile app stores such as this could help regulators identify areas to focus on," they added.
According to reports from Business Insider, a spokesperson for Google said that the data collected was used for "ordinary functions" such as information on an app crashing.
"We have clear policies and guidelines for how developers and third-party apps can handle data and we require developers to be transparent and ask for user permission. If an app violates our policies, we take action," the spokesperson said.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now