Pittsburgh Post-Gazette TechMan column
Jan 20, 2013 (Pittsburgh Post-Gazette - McClatchy-Tribune Information Services via COMTEX) --
It is no surprise that when you surf the Web, sites are gathering information about you.
But the average consumer might not be quite as aware of the information being gathered by apps that you download to your computer, phone or tablet.
Researchers at Carnegie Mellon University have looked at data collection and use by apps, and some of their findings may surprise.
"If we tell people that a Google Maps app is going to use your location data, no one is surprised because it is sort of obvious that it does. But if you tell them that Angry Birds or a flashlight app uses your location data, then everybody is surprised because they didn't expect that at all," said Jason Hong, associate professor in the Human Computer Interaction Institute at CMU.
The research team, including Mr. Hong and computer science professor Norman Sadeh, analyzed the top 100 Android mobile apps of the past year.
The team, which included Jialiu Lin, a doctoral student in computer science, and Shahriyar Amini, a doctoral student in electrical and computer engineering, found that most users were surprised by the type of information that apps were collecting.
Of the top 100 Android apps, 56 use device ID, contact lists or location, researchers found.
They then looked at the reaction of 5,000 users to what the apps collected.
They listed the 10 apps that raised the most surprise among users (and the sensitive information each app accesses):
Brightest Flashlight (device ID, location); Toss It game (device ID, location); Angry Birds game (device ID, location); Talking Tom virtual pet (device ID); Backgrounds HD Wallpapers (device ID, contacts); Dictionary.com (device ID, location); Mouse Trap game (device ID); Horoscope (device ID, location); Shazam music (device ID, location); Pandora Internet Radio (device ID, contacts).
The device ID, a sequence of letters and numbers specific to your device -- doesn't identify you by itself, but -- when coupled with other information such as passwords, billing addresses and payment data -- it could pose the risk of identity theft.
Using the device ID, your location can be tracked while using different apps, allowing ad networks not just to see a location, but a trail of where you have been.
Some apps -- particularly free versions -- appear to share device ID, location or contact lists with online marketers or other groups that profile users.
Angry Birds, for example, shares sensitive information with eight entities -- four companies that target mobile ads, two mobile ad networks, an app analytics site and an ad optimization and rewards company.
The CMU team -- funded by the National Science Foundation, Google and the Army Research Office -- got the sharing information by scanning code, something most people can't do, Mr. Hong said.
The Google Play store does tell what information apps collect, and many apps in the Apple store have boxes that pop up asking for permission to use data. But neither site reveals how the information will be used.
According to Mr. Sadeh, the Google site informs you of data collection "at the worst possible time" -- after you have already decided to download that app. Apps on the iPhone are a little better in that under "settings," "privacy," you can turn off data collection.
The researchers also looked at methods for evaluating and communicating app privacy and security concerns to users. The sheer number of apps available -- more than a million -- makes the problem difficult.
The need for consumers to be given this information is "below the radar right now in terms of legislation and software tools," Mr. Hong said.
Read TechMan's blog at post-gazette.com/techman. Watch or listen to TechTalk at multimedia.post-gazette.com
___ (c)2013 the Pittsburgh Post-Gazette Visit the Pittsburgh Post-Gazette at
www.post-gazette.com Distributed by MCT Information Services
[ Back To TMCnet.com's Homepage ]