Technology These popular apps are sharing personal data with dozens of companies, study says

22:41  14 january  2020
22:41  14 january  2020 Source:   cnet.com

Pre-installed apps on low-end Android phones are full of security holes

  Pre-installed apps on low-end Android phones are full of security holes In what has become an annual reckoning, security research company Kryptowire recently published its 2019 report on the state of manufacturer-installed software and firmware for Android devices and, to no one's surprise, they found more than 140 bugs which could be exploited for malicious purposes. The DHS-funded report uncovered 146 apps, which come pre-installed on inexpensive Android handsets, would pull shenanigans like eavesdropping through the microphone, unilaterally changing their permissions or surreptitiously transmitting data back to the manufacturer without ever notifying the user.

Ten popular apps -- including dating services Tinder, OkCupid and Grindr -- are sharing people's personal information with dozens of digital marketing and ad tech companies without explicitly letting users know, according to a new study. The only way for many users to protect their information, the report says, is for them to have never installed the apps at all.

Do you know where your data's going? Getty Images© Provided by CNET Do you know where your data's going? Getty Images

The study, released Tuesday by the Norwegian Consumer Council (Forbrukerradet), found that the apps, which also included period-tracking apps Clue and My Days, were collectively sharing user data with at least 135 advertising-related companies. The shared data included GPS locations and IP addresses, as well as personal details about gender, sexuality and political views, according to the study.

Bitmoji's custom clothing makes your avatar more true to life

  Bitmoji's custom clothing makes your avatar more true to life It's now easier to be a rugged individualist as far as a digital avatar will allow, anyway. Snap is rolling out a Mix and Match option for Bitmoji on Android and iOS that, as the name implies, lets you customize your virtual persona's clothing on a piece-by-piece basis. Venture into the Avatar Designer in the Bitmoji or Snapchat apps and you can choose different tops, bottoms, shoes and other apparel that matches what you actually wear, or at least what you'd like to actually wear. Want to dress like a hypebeast? You can probably get close enough to let everyone know your tastes.

In response to the study, a spokesperson for Clue said Monday that it doesn't share users' health or menstrual cycle data, and it doesn't sell data to any third-party service, including advertisers. The company does share usage data with Braze, which it says is clearly outlined in its privacy policy, in order to "make improvements to the Clue app and its features."

Match Group, which owns Tinder and OkCupid, said it uses third-party companies to assist with "technical operations and providing our overall services."

"We only share the specific information deemed necessary to operate our platform, in line with the applicable laws including GDPR and CCPA, said a Match Group spokesperson on Monday, referring to the European Union's General Data Protection Regulation and the California Consumer Privacy Act. "All Match Group products obtain from these vendors strict contractual commitments that ensure confidentiality, security of users' personal information and strictly prohibit commercialization of this data."

Google adds another 37 apps to its Play Pass subscription service

  Google adds another 37 apps to its Play Pass subscription service Rather than buying hundreds of individual apps for your mobile device, companies are increasingly offering subscriptions where you pay a single monthly fee to access all the apps you want. Play Pass, Google's Android app subscription service, launched in September with a catalog of more than 350 apps. The service faces stiff competition in the form of Apple Arcade though, so Google has now expanded its program to offer a further 37 games and apps.

  These popular apps are sharing personal data with dozens of companies, study says © Getty Images

The other apps cited in the study didn't immediately respond to requests for comment.

"Every day, millions of Americans share their most intimate personal details on these apps, upload personal photos, track their periods and reveal their sexual and religious identities," Burcu Kilic, of Public Citizen, said in a release. "But these apps and online services spy on people, collect vast amounts of personal data and share it with third parties without people's knowledge."

Public Citizen, along with the American Civil Liberties Union of California and nine other advocacy groups, has called on the US Federal Trade Commission, Congress and the attorneys general of three states to investigate the app companies' data-sharing practices.

The study also said the apps didn't clearly inform users that data would be shared with third-party ad companies. Though some of the data-sharing is described in the apps' privacy policies, the descriptions are long, complex and unlikely to be read by consumers, according to the study. The majority of the apps also didn't offer options or settings to prevent or reduce the sharing of data with third-party companies. The NCC said this leaves most people with one option if they don't want their data shared: Don't install the apps at all.

The NCC tweeted that it'll file complaints against six companies based on its findings.

Grindr said to share users' locations, sex preferences .
Apps fed advertisers data that included info about "personalities, predispositions and secret desires," study found.The popular matchmaking apps collected and processed large amounts of highly sensitive information pertaining to individuals' sexuality, drug use, political views and more to help advertisers send consumers more targeted ads, the Norwegian Consumer Council said in a report entitled "Out of control: How consumers are exploited by the online advertising industry.

—   Share news in the SOC. Networks

Topical videos:

usr: 4
This is interesting!