Apps Ratting You Out?

Apps Ratting You Out?

People are often surprised to learn that popular mobile applications on their smartphones are sharing their location, contact lists and other sensitive information, Carnegie Mellon University researchers say.

Though some of that sharing is legitimate, the researchers maintain that user perception nevertheless is a starting point in evaluating the privacy and security risks of mobile apps.

"No one expects Angry Birds to use location data, but it does," said Jason Hong, associate professor in the Human-Computer Interaction Institute.

The popular game app is hardly alone. Researchers, led by Hong and Computer Science Professor Norman Sadeh, who analyzed the top 100 Android mobile apps of the past year, found most users were surprised to find the Pandora radio app accessing their contact lists, Brightest Flashlight sharing their device ID, and Horoscope using their location information.

The CMU team, which included Jialiu Lin, a Ph.D. student in computer science, and Shahriyar Amini, a Ph.D. student in electrical and computer engineering, gathered information on user perceptions and expectations as the team developed scalable methods for evaluating and communicating app privacy and security concerns to users.

"All of this information can be used for good or for bad," Hong said of the user data accessed by apps.

Though users are surprised to learn that Dictionary.com uses location information, the app uses it for a benign purpose — identifying words searched by other users nearby, he noted. But some apps — particularly free versions — appear to share device ID, location or contact lists with online marketers or other groups that profile users.

Of the top 100 Android apps, 56 use device ID, contact lists and/or location, the team found.

"As part of our work, we have been automatically scanning the code of mobile apps to determine what they do with the data they collect," Sadeh said.

"While today mobile app markets do not show this information to users, our research indicates that it can have a significant impact on people's comfort level and would enable them to make better informed decisions when selecting apps to install on their phones."


Related Links: School of Computer Science | Human-Computer Interaction Institute | Read more | Studying the Behavior of Privacy | Concerning Privacy