Tuesday, December 16, 2014

Too curious mobile applications CNIL hairpin Android – Generation NT

The CNIL the bluntly states: two out of three mobile applications retrieve personal data without the knowledge of the user. Data which has focused on geolocation and user IDs, always with the same goal in mind. Target advertisements

 CNIL Android iOS The National Data Protection Commission took its second season Mobilitics to publish the results his investigation of the access mobile applications to users’ personal data. Launched in 2011, the study has already issued a report on the applications on iOS today paints a picture of trends in Android, with similar conclusions.

So, geolocation data is the most popular applications volume: 30% of users access to data concerning the location. In addition, the frequency of access is surprising if only 24% of 121 monitored apps accessing the location of users, some do hundreds of thousands of times (up to a request every 2 seconds in the case of Happn ).

Of course, for some applications, the location data is legitimate based on the proposed service, including in the case of a GPS guidance service, information on items close .. .Néanmoins, the CNIL questions the need for regular use of this information. CNIL cites the example of two applications that made 700,000 requests for first and over a million for the second in the space of three months, even though these apps are not centered on navigation services.

The study then points to the “race to the identifiers” , data relating to the name of the phone owner, history WiFi terminals used allow to create profiles in the advertising to better target the user and the track, even when not desired.

“On Android, a quarter of applications accessed or two identifiers more “” We can know the history of locations looking at the history of wifi access points of the phone. ” “Aéropot, employer, site visits, where will the user. We can then infer social and family ties by identifying the use of personal wireless box can be known.”

It is difficult for the CNIL to distinguish between the access requests and data transmission. Thus, each request does not automatically lead to data sharing.

In addition, the Android permission system is particularly affected by the CNIL for its coarse side and complex that the user loses in settings not explicit enough

This is why the CNIL has published two notices on Twitter allowing users to better understand how to adjust the sharing of information on Android and iOS. “We tried to describe the paths settings. It takes some motivation to find them. “

LikeTweet

No comments:

Post a Comment