The indiscretion of applications for smartphones is known. Computer National Commission and Freedoms dissects it again in detail. CNIL asserts that two out of three Android retrieve personal data without the knowledge of their users. Geolocation, calendar, advertising preferences; these data escape from smartphones and tablets, and water the publishers servers.
With this new research report conducted in collaboration with INRIA, the full Commission study last year that bent over iOS. This is Android “Jelly Bean” which this time is scrutinized. The operation of 121 applications used with the Google OS were reviewed.
Comparative study between iOS and Android systems. (Source: CNIL)
Geolocation.
The queen of data
The study found that between one quarter and one third applications have access to the geolocation of users. “Geolocation is the queen given on smartphones,” says Geoffrey Delcroix, responsible for study to the CNIL. “The frequency with which the application requests the location data are amazing,” he says. “It is difficult to link this with the functionality of the application.” That’s the problem.
For the use of location data is sometimes totally justified. For a mapping application for example. But many applications, such as games, repatriate location data of their users, but not necessary for the operation of the program. What good are the data? “With a low cost of storage, our hypothesis is that publishers recover amount of data waiting to know how to value them,” says Geoffrey Delcroix.
In this regard, the CNIL cites the case of an application social network who accessed 150,000 times geolocation data from one of its testers in the space of three months …. “By volume, geolocation is the collected data,” says the CNIL. “She alone accounts for over 30% of detected events, but not always related to the features offered by the application or a user action.”
“We call on actors re the proportion between the access to the data volumes and the ability of users to master it, “say the authors of the study.
Race
password
After geolocation, the study points the finger at the “race to the identifiers”. These data on the phone name, owner, or WiFi terminals history used are widely used by application developers. This results in the creation of advertising profiles that can be used while the Internet User expressly states that he does not want to be tracked.
The goal? to offer targeted advertising content by freeing the user’s wishes. “Publishers application will go systematically search the user IDs” says Geoffrey Delcroix. “All these ecosystems living advertising are fond of this information”.
“On Android, a quarter of the applications accessed two or more identifiers,” says the study. For example, use of data in the WiFi card’s MAC address of devices running on Android allows geo-locating wireless networks used. “We can know the history of the location by looking at the history of wifi access points of the phone,” says the author of the study. “Airport, employer, site visits, we can find out where the user is. We can then infer social and family ties by identifying the use of personal wifi box “.
Are these opportunities used? Yes, the 2700 popular applications: 41% of these applications require access the study says. There are a few weeks, the Uber mobile application for Android was located in the heart of the turmoil on exactly the same subject.
The CNIL points to the fact that the Android permission system too complex, too rude, too unfavorable to the user as binary and simplistic. There is no behavioral analysis of the application. ” Google does he make a difference? Obviously not, Android 4.3 included a private view of the control panel, which was removed in subsequent releases.
In an attempt to cope, the CNIL has published on Twitter two short modes use to disable at least partially, the advertising tracking on Android or iOS. “We tried to describe the paths to the settings. It takes some motivation to find the “euphimises Geoffrey Delcroix, which states that Google and Apple are” not a boundless creativity on this issue. “
Côté good practice CNIL recommends limiting charging of mobile applications (sic), to avoid connecting to public Wi-Fi networks, or to ensure that the phone’s applications are closed and not running in the background. “The most important source of data, it is the applications running in the background,” says this about the CNIL. And there are many to adopt this principle.
No comments:
Post a Comment