Most Android apps are using “clandestine surveillance software” to tracking everything their users are doing, a damning new report has revealed.
Researchers from the Privacy Lab of Yale University and Exodus Privacy, a French non-profit organisation conducted a study into different app “trackers” which are used to monitor user behaviour for targeted advertising, location tracking and usage analytics.
In the study, researchers analysed over 300 Android apps and found more than 75 percent contained these trackers, including apps such as Skype, Twitter, Google Play, Uber, Tinder and Spotify.
Researchers, who said people “should be alarmed by the data” warned that most Android users have no idea the trackers are even present on their smartphones and are unaware their personal data is being shared.
One of the trackers highlighted in the report is called Crashlytics, which is owned by Google and is used in apps such as Uber, Spotify and Twitter, among others. It is used to report every time an app crashes but also says it allows app developers to “get insight into your users, what they’re doing, and inject live social content to delight them”.
A scary boast of another tracker called FidZup says it can “detect the presence of mobile phones and therefore their owners” but using ultrasonic tones which are inaudible to the human ear.
Meanwhile, an app created by insurance firm AXA was found to contain six trackers and while it is not known what information is being shared, data stored by the app is likely to be sensitive in its nature.
“Publication of this information is in the public interest, as it reveals clandestine surveillance software that is unknown to Android users at the time of app installation,” wrote Privacy Lab in a blog post.
“These trackers vary in their features and purpose, but are primarily utilized for targeted advertising, behavioral analytics, and location tracking.”
“Lack of transparency about the collection, transmission, and processing of data via these trackers raises serious privacy concerns and may have grave security implications for mobile software downloaded and in active use by billions of people worldwide,” Privacy Lab said.
The researchers are calling on Google and app developers to be more transparent in the data it collects.
“Android users, and users of all app stores, deserve a trusted chain of software development, distribution, and installation that does not include unknown or masked third-party code”.
The report only looked at Android apps, but its authors said the situation may be just as bad with apps found in Apple’s App Store.
“Many of the same companies distributing Google Play apps also distribute apps via Apple, and tracker companies openly advertise Software Development Kits (SDKs) compatible with multiple platforms,” researchers wrote.
“Thus, advertising trackers may be concurrently packaged for Android and iOS, as well as more obscure mobile platforms.”
The news comes after Google admitted that it had been collecting the location data from users without their permission and even when there was no SIM card in their smartphone.
It was revealed that Google had using data collected from telephone masts to gather data on users.
In response Google said it would stop using this practice to collect data on users by the end of November.