New research out of the International Computer Science Institute in California has turned up a worrisome finding: About 17,000 Android apps have apparently been not only tracking your activity over the long-term (even in instances where users make it clear they don’t want that), but they’ve also been creating a permanent record on your device of every single thing you do, which a CNET report today notes in most cases is a violation of Google’s policy on collecting data that can be used to target advertising to users.
According to that report, the Android apps in question track you by connecting your so-called Advertising ID to other identifying information from your own device that there is no way to change or limit. Google’s recommended best practices for app developers include only using that Advertising ID, which is a unique number used to personalize ads to a user, but this new research, according to the story, shows that “less than a third of the apps that collect identifiers take only the Advertising ID.” In other words, the rest are using all kinds of unique identifying information that can tie your device to you.
In a blog post about the research published today, lead researcher Serge Egelman explains how his team found apps sending information that could identify users on to ad services.
It has been 5 months since we submitted that report, and we have not received anything from Google about whether they plan to address this pervasive problem. In the interim, more apps now appear to be violating Google’s policy. The problem with all of this is that Google is providing users with privacy controls … but those privacy controls don’t actually do anything because they only control the ad ID, and we’ve shown that in the vast majority of cases, other persistent identifiers are being collected by apps in addition to the ad ID.
The CNET report notes that, according to Egelman’s research, some high-profile apps have been doing this. Apps like Angry Birds Classic, Audiobooks by Audible as well as Flipboard. Same with utility apps like Battery Doctor and Clean Master, which has been installed on 1 billion devices, according to the news site.
“Google said it had investigated Egelman’s report and taken action on some apps,” CNET’s story continues. “It declined to say how many apps it acted on or what action was taken, or to identify which of its policies the apps had violated. The company said its policies allow for the collection of hardware identifiers and the Android ID for some purposes, like fraud detection, but not for the targeting of ads.”