A recent study by the security researchers from Carnegie Mellon reveals that a number of smartphone applications collect your location-related data — a lot more than you think.
The security researcher released a warning against the alarming approach: "Your location [data] has been shared 5,398 times with Facebook, GO Launcher EX, Groupon and seven other [applications] in the last 14 days."
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology
Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.Join Now
During their study, researchers monitored 23 Android smartphone users for three weeks.
- First Week - Participants were asked to use their smartphone apps as they would normally do.
- Second Week - An app called App Ops was installed to monitor and manage the data those apps were using.
- Third Week - The team of researchers started sending a daily "privacy nudge" alert that would ping participants each time an app requested location-related data.
- Some apps for Android are tracking user's movements every three minutes.
- Some apps for Android are attempting to collect more data than it needed.
- Groupon, a deal-of-the-day app, requested one participant's coordinates 1,062 times in two weeks.
- Weather Channel, a weather report app, asked device location an average 2,000 times, or every 10 minutes.
The participants were unaware of how closely they are being tracked by different apps, and many were surprised by the end results.
"4,182 (times) – are you kidding me?" one of the participants asked. "It felt like I'm being followed by my own phone," adding "It was scary [that the] number is too high."
Another participant wrote, "The number (356 times) was huge, unexpected."
The research team found that privacy managing software helped manage access to data. When the members granted access to App Ops, they collectively checked their App permissions 51 times and restricted 272 permissions on 76 different apps. Just one of the participants failed to review permissions.
As per users mentality, once the participants have made the changes to the app permission, they hardly looked at them after a few days.
"App permission managers are better than nothing, but by themselves they aren't sufficient," said Norman Sadeh, a professor at Carnegie Mellon. "Privacy nudges can play an important role in increasing awareness and in motivating people to review and adjust their privacy settings."
With the help of App Ops privacy app, in the span of eight days, the participants collectively reviewed app permissions 69 times, blocking 122 additional permissions on about 47 different apps.
Ultimately, the team believes that if a user began getting the privacy nudges on a daily basis, they'll definitely go back to their privacy settings and restrict apps that are tracking users more closely.