Stories
Slash Boxes
Comments

SoylentNews is people

Staggering Variety of Clandestine Trackers Found in Google Play

posted by janrinok on Sunday November 26 2017, @07:57PM   Printer-friendly
from the anyone-remember-privacy? dept.

An Anonymous Coward writes:

A new Free and Open-Source project called "Exodus" scans Android apps and already has found many advertising trackers:

"Researchers at Yale Privacy Lab and French nonprofit Exodus Privacy have documented the proliferation of tracking software on smartphones, finding that weather, flashlight, rideshare, and dating apps, among others, are infested with dozens of different types of trackers collecting vast amounts of information to better target advertising.

Exodus security researchers identified 44 trackers in more than 300 apps for Google's Android smartphone operating system. The apps, collectively, have been downloaded billions of times. Yale Privacy Lab, within the university's law school, is working to replicate the Exodus findings and has already released reports on 25 of the trackers.

Yale Privacy Lab researchers have only been able to analyze Android apps, but believe many of the trackers also exist on iOS, since companies often distribute for both platforms. To find trackers, the Exodus researchers built a custom auditing platform for Android apps, which searched through the apps for digital "signatures" distilled from known trackers. A signature might be a tell-tale set of keywords or string of bytes found in an app file, or a mathematically-derived "hash" summary of the file itself.

The findings underscore the pervasiveness of tracking despite a permissions system on Android that supposedly puts users in control of their own data. They also highlight how a large and varied set of firms are working to enable tracking."

The statement by Yale Privacy Lab summarizes the situation, and the story has seen coverage by Cory Doctorow and Le Monde. Private search engine Qwant has removed trackers in its app and Protonmail is under fire.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Staggering Variety of Clandestine Trackers Found in Google Play | Log In/Create an Account | Top | 33 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: -1, Offtopic) by Anonymous Coward on Sunday November 26 2017, @08:06PM (5 children)

    by Anonymous Coward on Sunday November 26 2017, @08:06PM (#601809)

    Privacy Badger https://www.eff.org/privacybadger [eff.org] includes this FAQ/answer:

    Will you be supporting any other browsers besides Chrome / Firefox / Opera?

    At some point we may try to release Privacy Badger for Microsoft Edge and Firefox Mobile. With that said, if you would like to work on porting Privacy Badger to other platforms, please let us know!

    Maybe there will be an Android version at some point?

    Starting Score:    0  points
    Moderation   -1  
       Offtopic=1, Total=1
    Extra 'Offtopic' Modifier   0  
    Total Score:   -1  

  • (Score: 4, Informative) by frojack on Sunday November 26 2017, @08:52PM (4 children)

    by frojack (1554) on Sunday November 26 2017, @08:52PM (#601823) Journal

    Not even remotely germane to the article at hand.

    These trackers are not using browsers. They are phoning home directly. Weather, rideshare, and dating apps, social media, ANYTHING that is allowed to access the TCP stack, for what ever reason, probably has this crap built in.

    Easy way to find your own likely culprits: Go reset the permissions of all apps, (or at least remove network access permissions). Then just open the ones you use, email, browsers, etc, and re-grant them access to the network. Over the next week you will be bombarded to allow network access to dozens of apps that you use occasional (perhaps unknowingly), all requesting network access. Each time you get nagged, ask yourself "Does this flashlight app have any valid reason to access the net?". If not junk it and get a different app.

    At least that will narrow down your leakers to those you EXPECT to talk to the net. But It still won't let you know if the ones you expect to talk to the net are also sending tokens and trackers beyond what is necessary for performing their advertised purpose.

    --
    No, you are mistaken. I've always had this sig.

    • (Score: 1, Interesting) by Anonymous Coward on Sunday November 26 2017, @09:56PM (3 children)

      by Anonymous Coward on Sunday November 26 2017, @09:56PM (#601851)

      OK, same AC, thanks for the lesson. I'll double-down on my ignorance!

      If, as you say, any app that has access to the TCP stack can track, would it be possible to create something that sits between the TCP stack and all the apps, designed to grant (granular) access?

      If so, the UI I'm imagining is similar to Privacy Badger -- it shows a list of attempts to track and gives the user individual control of which ones to allow. Basically putting a nice face on the manual process that you suggest.