topic: security / privacy

18
Topic: Security / Privacy “Your Apps Are Watching You” Source: The Wall Street Journal Online Presented By: Corey Campbell

Upload: josette-roux

Post on 02-Jan-2016

22 views

Category:

Documents


1 download

DESCRIPTION

Topic: Security / Privacy. “Your Apps Are Watching You”. Source: The Wall Street Journal Online. Presented By: Corey Campbell. Article Overview. Among our devices, smartphones know us best. Time for an investigation. The Wall Street Journal conducts an investigation: - PowerPoint PPT Presentation

TRANSCRIPT

Topic: Security / Privacy

“Your Apps Are Watching You”

Source: The Wall Street Journal Online

Presented By: Corey Campbell

Article Overview

Among our devices, smartphones know us best.

The Wall Street Journal conducts an investigation:

App analysis – iPhone & Android Consumer protection Ad networks

Time for an investigation.

Introducing…Your Data

Key categories being looked at:

CATEGORY PROCESS

User name, password Create an account : interact with Facebook

Contacts Access to address book : permission

Age, gender Captured by a form

Location GPS : triangulate with Wi-Fi or cell signals

Phone ID Phone’s SSN : hard to delete

Phone number Passed to app maker or Facebook

Introducing…Your Data

The ones that are watching your data:

WHO MORE INFO

App owner Ones that create or operate the app:

Once data is obtained, few restrictions governing the use of it

Third parties Marketers and companies that monitor app usage:

Create detailed profiles of users

What The Investigation Dealt With

Examined 101 popular smartphone apps for iPhone & Android

Results included:

56 apps transmitted phone’s unique device ID to other companies without user awareness or consent

47 apps gave away the phone’s location

5 apps sent age, gender, and other personal details outside of the app

Intrusive behavior of online-tracking companies to append data to your profile

How Did The iPhone Do?

iPhone sent off more data than Android phones (within 101 app test)

An app that shard the most data:

TextPlus 4 – iPhone text messaging app

sent iPhone’s UDID to 8 ad companies

phone’s zip code, user’s age & gender to 2 ad companies

Apple & Android Apps

Pandora – popular music app

sent age, gender, location, and phone identifiers to different ad networks

Paper Toss – game of tossing paper into trash can

sent phone’s ID number to at least 5 ad companies

Some Comments

Michael Becker of Mobile Marketing Association –

“In the world of mobile, there is no anonymity”

Device is always on and with us

Apple supports a review of app before being offered publicly

Apple & Android protect users from revealing data through permissions

Tom Neumayr – Apple spokesman

“We have created strong privacy protections for our customers, especially regarding location-based data. Privacy and trust are

vitally important.

Getting Around The Rules

Pumpkin Maker – pumpkin-carving game

gave away phone’s location to an ad network without asking permission

Apple declined to talk about this violation

What Are The App Makers Saying?

TextPlus 4 & Pandora:

Data passed is not linked to an individual

Personal details (such as age, gender) are volunteered by users

Pumpkin Maker:

Unaware of Apple’s guidelines to seek user approval before sending data

Paper Toss:

Did not want to comment

Consumer Protection

Privacy Policies:

45 of the 101 apps did not provide a privacy policy

Apple & Google don’t require them

WSJ Designs A System

System intercepts and records data

Decodes data stream

Covered 50 iPhone apps & 50 Android apps

The Jury Is In

The most widely shared item was the phone’s identifier, or UDID for the iPhone.

ID is set by phone makers, carriers, or OS makers

Difficult to delete or hide

Why, Oh Why?

Meghan O’Holleran – Traffic Marketplace

Track everything by phone ID

Apps downloaded Usage frequency Time spent on app Areas used in app

Data is combined, not linked to an individual

No Standards In Mobile

Apple sees UDID as “personally identifiable information”

Can be combined with info from App Store and iTunes

In contrast, Google and most app makers don’t consider device IDs to be identifying information.

Ad Networks

An expanding industry

Mobclix – an ad exchange

Matches more than 25 ad networks with approximately 15,000 apps needing advertising

Takes phone IDs, encodes them, and assigns them to interest categories based on users’ usage factors.

Does a “best guess” of where person lives to mix location data from Nielsen Co.

Powerful system, but categories are still broad enough not to identify people.

An Example: Mobclix Inner-workings

Within a quarter-second, Mobclix can place a user in one of 150 segments it offers to advertisers

Segment types: “green enthusiasts”, “soccer moms”

“die hard gamers” segment:

15 – 25 year old males more than 20 apps on phone use an app for more than 20 minutes at a time

The Ad Networks Have My Info

Claim data is anonymous and brings more relevant advertising

Google received most data overall in the tests by WSJ, but says it does not mix data from its ad units: AdMob, AdSense, Analytics, and DoubleClick

AdMob gives advertisers access to phone users by locations, device type, and demographics (gender, age group)

Apple has its iAd network – only for iPhone

Apple uses App Store and iTunes info to target ads.