18,000 Android Apps Track Users By Violating Advertising ID Policies
Saturday February 16, 2019. 01:50 AM , from Slashdot
18,000 Android apps with tens or hundreds of millions of installs on the Google Play Store have been found to violate Google's Play Store Advertising ID policy guidance by collecting persistent device identifiers such as serial numbers, IMEI, WiFi MAC addresses, SIM card serial numbers, and sending them to mobile advertising related domains alongside ad IDs. Bleeping Computer reports: AppCensus is an organization based in Berkeley, California, and created by researchers from all over the world with expertise in a wide range of fields, ranging from networking and privacy to security and usability. The project is supported by 'grants from the National Science Foundation, the Department of Homeland Security, and the Data Transparency Lab.' By highlighting this behavior, AppCensus shows that while users are being offered the option to reset the advertising ID, doing so will not immediately translate into getting a new 'identity' because app developers can also use a multitude of other identifiers to keep their tracking and targeting going.
Google did not yet respond to a report sent by AppCensus in September 2018 containing a list of 17,000 Android apps that send persistent identifiers together with ad IDs to various advertising networks, also attaching a list of 30 recipient mobile advertising related domains where the various IDs were being sent. While looking at the network packets sent between the apps and these 30 domains, AppCensus observed that 'they are either being used to place ads in apps, or track user engagement with ads.' In a statement to CNET, a Google spokesperson said: 'We take these issues very seriously. Combining Ad ID with device identifiers for the purpose of ads personalization is strictly forbidden. We're constantly reviewing apps -- including those listed in the researcher's report -- and will take action when they do not comply with our policies.' Some of the most popular applications found to be violating Google's Usage of Android Adverting ID policies include Clean Master, Subway Surfers, Flipboard, My Talking Tom, Temple Run 2, and Angry Birds Classic. The list goes on and on, and the last app in the 'Top 20' list still has over 100 million installations.
Read more of this story at Slashdot.
Oct, Mon 21 - 10:09 CEST