Last week brought news that Android phones could track people even when location services were disabled. Google assures handset owners that the feature, which utilizes the addresses of nearby cellular towers, will be turned off this month, but a new study suggests users will still be tracked by hundreds of apps, often without their knowledge.
A study from French research organization Exodus Privacy and Yale University’s Privacy Lab found that more than three out of every four Android apps contained at least one third-party tracker.
The teams analyzed hundreds of mobile apps searching for the signatures of 25 known trackers, reports the Guardian. Usually, one would expect such trackers to only appear in less popular applications, but Spotify, Uber, Tinder, and OKCupid were all found to use the Google service CrashLytics, which, while designed to track crash reports, can also “get insight into your users, what they’re doing, and inject live social content to delight them.”
Some of the lesser-known third-party tracking application go a lot further than Google’s offering. FidZup, a French tracking provider, used ultrasonic tones to detect the presence of mobile phones and their owners. It was used by Bottin Gourmand, a French restaurant and hotel guide, to track users of its app around Paris. FidZup said it no longer uses the technology, but only because Wi-Fi networks can do the same job.
Three-quarters of the 300+ apps examined contained at least one tracker, with CrashLytics and DoubleClick being the most popular. But this figure may be even higher, as some of the apps that appear 'clean' may contain as-yet unidentified trackers.
“Publication of this information is in the public interest, as it reveals clandestine surveillance software that is unknown to Android users at the time of app installation,” wrote Privacy Lab. “These trackers vary in their features and purpose, but are primarily utilized for targeted advertising, behavioral analytics, and location tracking.”
Yale Privacy Lab is using the research to call for “increased transparency into privacy and security practice as it relates to these trackers."
“Android users, and users of all app stores, deserve a trusted chain of software development, distribution, and installation that does not include unknown or masked third-party code," it added. “Scholars, privacy advocates and security researchers should be alarmed by the data, and can provide further analysis now that these findings and the Exodus platform have been made public.”
While the study was based on Android apps, researchers say many iOS applications will most likely contain trackers, too.