your apps are watching you cs 595 - elliott peay
TRANSCRIPT
Your Apps Are Watching You
CS 595 - Elliott Peay
Overview
• Article Focus• What Happened• Findings• What is Going On
Article Focus
Wall Street Journal investigates what information is sent over the network by the apps we use.
Also contains an analysis of the information.
What Happened
• About the Investigation• Investigation Methodology
About the Investigation101 Apps were tested• 50 popular on iPhone• 50 popular on Android• WSJ iPhone app
Android shown at right
iPhone apps will not be covered.
Source: http://blogs.wsj.com/wtk-mobile/
Investigation Methodology
Device was restricted to increase accuracy of data gathered.
• Single-Process Mode• No 3G Access• Man in the middle attack used to obtain data streams• "Mallory" software used to decrypt data
Findings
• Generally, free apps sent more data than paid apps• Generally, iPhone apps sent more data than Android apps• Google was the biggest data recipient
Facebook (Android)
Data Recipients:• Facebook
Data Sent:• Username/Password
Source: http://blogs.wsj.com/wtk-mobile/2010/12/17/facebook-iphone/
PaperToss (Android)
Data Recipients:• AdWhirl• Flurry• Geocade• AdMob (Google)• AdSense (Google)• Microsoft
Data Sent:• Phone ID• Location Information
Source: http://blogs.wsj.com/wtk-mobile/2010/12/17/paper-toss/
Calorie Counter (Android)
Data Recipients:• FatSecret (Owner)• DoubleClick (Google)• Analytics (Google)
Data Sent:• Username/Password• Phone ID• Location Information• Phone Number
Source: http://blogs.wsj.com/wtk-mobile/2010/12/17/calorie-counter/
What is Going On?
Many different groups are using this information
• Ad Networkso Targeted Advertising
• Software Developerso Analyticso User Information
Ad Networks
Multiple apps who work with a particular ad network allow for complex user profiles to be developed.
Application Data Sent
Realty / Mapping App Device ID, GPS Information
Social Networking App Device ID, Gender, Age, Ethnicity
Shopping App Device ID, Product Types
"Why is my GPS icon blinking?"
Information which is generally harder to obtain is of more value to an ad company.
"In its software-kit instructions, Millennial Media lists 11 types of information about people that developers may transmit to "help Millennial provide more relevant ads." They include age, gender, income, ethnicity, sexual orientation and political views. In a re-test with a more complete profile, MySpace also sent a user's income, ethnicity and parental status."
Source: http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html
Privacy Differences vs Computers
"The great thing about mobile is you can't clear a UDID like you can a cookie,[...] That's how we track everything."
Meghan O'HolleranTraffic Marketplace
Image: http://blogs.wsj.com/wtk-mobile/Source: http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html
Developers Want Our Information, Too
• Analyticso Track user navigation through website
• Demographicso See who is using the app
Source: http://blogs.wsj.com/wtk-mobile/ (Image compressed horizontally for presentation)
Conclusion
Finding the over-sharing apps are not possible at first glance.
Trust is a critical step in finding a good app
Source: http://blogs.wsj.com/wtk-mobile/