Ars technica is reporting that some Android applications are surreptitiously sending GPS coordinates and other information to advertisers. The information comes from a recent study done by researchers from Penn State, Duke University, and Intel Labs. “They used TaintDroid to test 30 popular free Android applications selected at random from the Android market and found that half were sending private information to advertising servers, including the user’s location and phone number. In some cases, they found that applications were relaying GPS coordinates to remote advertising network servers as frequently as every 30 seconds, even when not displaying advertisements. These findings raise concern about the extent to which mobile platforms can insulate users from unwanted invasions of privacy.
As Google says in its list of best practices that developers should adopt for data collection, providing users with easy access to a clear and unambiguous privacy policy is really important. Google should enhance the Android Market so that application developers can make their privacy policies directly accessible to users prior to installing, a move that would be really advantageous for end users. When applications share information improperly, don’t conform with the stipulations of their privacy policies, or aren’t suitably transparent about their data collection practices, tools like TaintDroid will be a powerful asset for enabling savvy users and privacy watchdogs to expose such abuses. The researchers behind the TaintDroid project will soon be publishing their results and plan to make the TaintDroid application available to the public in order to encourage further investigations. Their efforts to raise awareness of data collection by mobile applications is an important contribution to the advancement of safe mobile computing.