Yale University's Privacy Lab has called the attention of Google Inc and Android developers to be more transparent in their privacy and security practice. This comes after the venerable institution's study found that more than three in four Android applications contain at least one third-party tracker.
Hundreds of apps were analysed by Privacy Lab in cooperation with French research group Exodus Privacy and discovered signatures of 25 known trackers in three-quarters of Android apps on the Play Store. Trackers are used to extracting information about users to optimise targeting of advertisements and other services.
Some of the most popular apps on the Google Play Store in question include Spotify, Uber and dating apps Tinder and OkCupid. All four apps are using Google's Crashlytics which is used to monitor app crash reports.
However, Crashlytics has some hidden abilities, like how to get insight from users, what they are doing and push live social content to enchant them.
Another subject app in question is FidZup, a French tracking provider with technology that can "detect the presence of mobile phones and therefore their owners" through ultrasonic tones, according to Yale. Although, developers of the app said they are no longer using the said technology.
"FidZup's practices closely resemble those of Teemo (formerly known as Databerries), the tracker company that was embroiled in scandal earlier this year for studying the geolocation of 10 million French citizens, and SafeGraph, who 'collected 17tn location markers for 10m smartphones during [Thanksgiving] last year'. Both of these trackers have been profiled by Privacy Lab and can be identified by Exodus scans," reads Yale's press statement.
Also read: WhatsApp user? Beware of this new scam!
Yale Privacy Lab is now calling out Google and Android developers to increase "transparency into privacy and security practice as it relates to these trackers."
"Android users, and users of all app stores, deserve a trusted chain of software development, distribution, and installation that does not include unknown or masked third-party code."
"Scholars, privacy advocates and security researchers should be alarmed by the data, and can provide further analysis now that these findings and the Exodus platform have been made public."