These popular apps are sharing personal data with dozens of companies, study says

22:41, 14 January 2020. Source: cnet.com

Ten popular apps -- including dating services Tinder, OkCupid and Grindr -- are sharing people's personal information with dozens of digital marketing and ad tech companies without explicitly letting users know, according to a new study. The only way for many users to protect their information, the report says, is for them to have never installed the apps at all.

The study, released Tuesday by the Norwegian Consumer Council (Forbrukerrådet), found that the apps, which also included period-tracking apps Clue and My Days, were collectively sharing user data with at least 135 advertising-related companies. The shared data included GPS locations and IP addresses, as well as personal details about gender, sexuality and political views, according to the study.

In response to the study, a spokesperson for Clue said Monday that it doesn't share users' health or menstrual cycle data, and it doesn't sell data to any third-party service, including advertisers. The company does share usage data with Braze, which it says is clearly outlined in its privacy policy, in order to "make improvements to the Clue app and its features."

Match Group, which owns Tinder and OkCupid, said it uses third-party companies to assist with "technical operations and providing our overall services."

"We only share the specific information deemed necessary to operate our platform, in line with the applicable laws including GDPR and CCPA," said a Match Group spokesperson on Monday, referring to the European Union's General Data Protection Regulation and the California Consumer Privacy Act. "All Match Group products obtain from these vendors strict contractual commitments that ensure confidentiality, security of users' personal information and strictly prohibit commercialization of this data."

The other apps cited in the study didn't immediately respond to requests for comment.

"Every day, millions of Americans share their most intimate personal details on these apps, upload personal photos, track their periods and reveal their sexual and religious identities," Burcu Kilic, of Public Citizen, said in a release. "But these apps and online services spy on people, collect vast amounts of personal data and share it with third parties without people's knowledge."

Public Citizen, along with the American Civil Liberties Union of California and nine other advocacy groups, has called on the US Federal Trade Commission, Congress and the attorneys general of three states to investigate the app companies' data-sharing practices.

The study also said the apps didn't clearly inform users that data would be shared with third-party ad companies. Though some of the data-sharing is described in the apps' privacy policies, the descriptions are long, complex and unlikely to be read by consumers, according to the study. The majority of the apps also didn't offer options or settings to prevent or reduce the sharing of data with third-party companies. The NCC said this leaves most people with one option if they don't want their data shared: Don't install the apps at all.

The NCC tweeted that it'll file complaints against six companies based on its findings.
