Thanks to the growing popularity of smartphones, the ecosystem of mobile applications is thriving: users have hundreds of thousands of different apps at their fingertips in Apple’s App Store and in Google’s Play Market. Smartphone apps provide useful services.
However, there is a hidden cost, often unknown to the user: developers collect information about the user without their full knowledge. Apps can access your contact numbers, track your current location, view your web history and then share this data with mobile ad networks to earn revenue from targeted advertisements.
While mobile ads make many apps free, this poses a threat to users’ privacy. Computer scientists from the Computer Laboratory at the University of Cambridge have designed a new technique to improve privacy control in such application markets, balancing the need for developers’ revenue and the need for users’ privacy.
To understand the privacy implications of mobile applications, the Cambridge team wrote a programme that was able to collect and analyse the metadata of 251,342 applications available on Google’s Android Market, which has now been renamed Google Play.
The Android Market consists mainly of free applications (73%). The analysis revealed that 80% of those are supported by targeted advertisements. Furthermore, free applications are far more popular in terms of downloads, as only 0.2% of paid apps have more than 10,000 downloads (compared to 20% of free apps).
At the same time, based on the results of this study, free apps request significantly more permissions to access sensitive information such as the user’s location, messages (e-mail/SMS), contacts, calendar, phone number and IMEI. This includes, for example, 35% of free applications in the “comics” category that request access to the user’s location, or games asking for the user’s phone number and contacts (just to name a few).
In fact, more than 70% of free apps request one such “dangerous” permission compared to just 40% of paid applications. Although the Android Market raises alerts for applications that require dangerous permissions, this analysis revealed that these alerts have no impact on the decision of users to download applications. Indeed, the number of downloads for a given application does not appear to be correlated with the number of dangerous permissions it requests.
Free applications request additional information merely to support their own revenue as mobile advertisements typically capture personal information in order to profile the mobile phone user and deliver relevant advertisements to the mobile phone. However, as many media stories have revealed, not all of the developers can be trusted. The problem with the current app model is that the developer is responsible for collecting as much information as possible and forwarding it to the advertising networks in order to display these targeted advertisements.
Instead, Cambridge researchers have tried to design a new approach that can reach a balance between the need for developers’ revenue and the need for users’ privacy. The new model is based on applying a more sensitive approach to privacy control. The process focuses on separating privacy control between the application and the advertisement support component, where two separate flows of information are allowed: one towards the application/developer and one towards the ad-networks.
This allows the specification of distinct privacy requirements for the two entities. For the application, this allows the specification of privacy requirements that are directly related to the actual service offered by the application. For the ad-network component, the distinct flow of private information can allow the implementation of privacy control techniques specifically designed to support an ad-driven market. This means that if a developer gets enough money for their ad-supported applications, then private information can be selectively blocked to protect users.
Privacy concerns about mobile phone usage are rising, but users seem to love the deluge of free and useful apps available on application markets. Thanks to privacy-concerned researchers, this trade-off could eventually be resolved by giving users more control over what kind of personal information they reveal.