Sign up to our newsletter
A Carnegie Mellon University study has discovered that a selection of Android apps collect geolocation data on their users an average of once every three minutes, according to the Wall Street Journal.
The data requested by the apps would pinpoint a user’s location to within 50 meters, and over the two weeks of the study, apps requested that information an average of 6,200 times.
The researchers recruited 23 Android users from Craigslist and the Carnegie Mellon student body, weeding out those who had particularly good technical skills or strong views on privacy. The users were then allowed to use their own choice of applications over the two weeks, without knowledge of what was being assessed by the researchers, who tracked the data requests through specially designed software.
The study highlighted The Weather Channel’s app (2,000 requests) and Groupon (1,062 times) as particularly overzealous location requesters. Both undoubtedly need location data to function well, but as Norman M. Sadeh who co-wrote the study asked Consumerist, “Does Groupon really need to know where you are every 20 minutes?”
“The person would have to be accessing Groupon in their sleep,” he added.
One of the most prolific apps that tracked location data was Google Play Services, which comes pre-installed on Android devices and cannot be easily removed. It racked up an average of 2,200 requests over the duration of the study.
As the Wall Street Journal notes, although this research was confined to Android devices, comparable studies on iOS handsets aren’t available.
Sadeh is not concerned by the number of requests per se, but questions the necessity of them, and how much people know about the data being recorded on them. As he told Wired, “There are some applications where you could justify this level of frequency—think for instance of a navigation app.”
“So the frequency by itself is not the problem. Instead it is whether the frequency is justified, and obviously whether users are informed of these practices and have some level of control.”
In the third week of the study, the researchers started sending the participants ‘privacy nudges’, which would inform them of every time an app requested their location. Following the stream of notifications, 95 percent of participants reported that they would reassess their app permissions, and 58 percent chose to restrict apps from collecting their personal data.
The full study will be presented at a conference at Seoul next month.
Author Alan Martin, ESET