New York: The free apps and web-based services that you downloaded on Android or iOS mobile devices may have in turn leaked your personal information, including names, gender, phone numbers, and e-mail, a study has found.
For the study, researchers investigated the degree to which each platform — including advertisers and data analytics companies that these services rely on for finance — leaks personal identification information (birthdates, locations).
The findings showed that both apps and websites leaked personally identifiable information to varying degrees.
“We expected that apps would leak more as they have better and direct access to these information. Overall that’s true,” said Assistant Professor David Choffnes, at Northeastern University in Massachusetts, US.
But he also added that typically apps leak “just one more identifier than a website” for the same service.
“In fact, we found that in 40 per cent of cases websites leaked more types of information than apps,” Choffnes said.
Researchers also found that these services would send encrypted passwords to a third party due to a bug, for authentication purposes or for identity management.
“The reasons for the intentional leaks are legitimate, and I’m sure that the services have appropriate agreements with the other parties to protect the passwords,” Choffnes said.
He, however, added, “Users have no idea that their passwords were being sent to other parties.”
To help users make informed decisions about how best to access online services, the researchers have integrated their findings into an easy-to-use interactive website.
This website rates the degree of leak of 50 free online services, from Airbnb to Zillow, based on each user’s privacy preferences.
The free online services include business, entertainment, music, news, shopping, travel, and weather. Each service had to offer the same functionality on both its website and app.
“There’s no one answer as to which platform would be the best for all users,” said Choffnes.
“We wanted people to have their chance to do their own exploration and understand how their particular privacy preferences and priorities played into their interactions online,” he said.
Users can select from a drop-down list of the services included and also the operating system they used — Android or iOS.
Next the users are asked to rate various types of personal information, from their birthdates to their devices’ unique identifiers — information that they mostly prefer to keep private.
“Then, automatically, the site generates two leakiness indexes for the service selected –a sky blue bar for the app version, a lime green one for the web — and recommends the best platform for that particular user,” the researchers said.
Choffnes hopes that the study would start a dialogue between consumers and online services about the kind of information that should be collected — balancing the services’ revenue needs with consumers’ privacy needs.
The results will be presented at the 2016 Internet Measurement Conference, in Santa Monica, California.