Google’s tight-knit relationship with advertisers just got a little kinkier. According to a study [PDF] conducted by Duke University, Penn State, and Intel Research Labs, when you launch certain apps on your Android smartphone, you run the risk of sending your personal information, including location, to advertisers. Without your permission, naturally.
Of the 30 surveyed apps, over 50 percent were found to snatch GPS data from your phone and turn it into a marketer’s wet dream. Fifteen out of 30 applications sent geographic data, seven sent unique hardware information, and a few disclosed phone and SIM serial numbers. Among the apps tested were Solitaire, Spongebob Slide, and something called MySpace.
The tool researchers used to discover these violations is called TaintDroid (get your mind outta the gutter, kids), which monitors how mobile applications access and use your location, microphone, camera, and phone numbers in your contact list. TaintDroid is not publicly available yet, but I suspect it will be soon.
This kind of sneakiness isn’t shocking for location-based services like Foursquare and Yelp—companies that make it clear they’re connecting you with suits—but when you consider the seemingly benign Weather Channel app signing the dotted line for you, the process of asking a weatherman which way the wind blows becomes a little nightmarish.
The Android OS is quickly becoming the most popular and omnipresent OS on contemporary smartphones, and, soon, tablet computers.
Google has been busted for this doo-doo behavior before. Back in July, Lookout Mobile Security launched the App Genome Project, which found that 47 percent of free Android apps include third party code—the very ones and zeroes that enable mobile ads to be served and tracked.
Google also has a shady history with behavioral advertising, a targeting program that peeps over your shoulder, tracks your online search activities, and tailors ads to what it deems are your interests. Google says this makes ads “more interesting” (as if we asked for that), but it’s teetering on a precipice overlooking a serious privacy violation. NebuAd, another user of behavior advertising, was smacked around in late 2008 for installing software onto unsuspecting computers and delivering personalized ads. At the time, I thought the class action lawsuit against NebuAd would spell the death of behavioral advertising, but clearly, I was wrong.
The saddest part of this trend—which I doubt will receive mainstream media attention and leave most Android users completely oblivious—is that it’s kinda par for the course nowadays. Though we squeal and squirm whenever we think our privacy is being violated, most people don’t give enough of a shit to change their online behaviors. It’s almost like we want to be stripped bare and shoved onstage.
Yessir, Internet privacy—if it ever existed to begin with—is now most certainly dead.
Relatedly: http://arstechnica.com/apple/news/2010/10/iphone-user-privacy-at-risk-from-apps-that-transmit-personal-info.ars