A report by researchers from Harvard University, MIT and Carnegie Mellon University has uncovered that many mobile apps share sensitive user information with third parties, without notifying users.
The research looked into 110 free applications on both Android and iOS, ranked as most popular on the Google Play Store and Apple App Store in June-July 2014.
With some applications, the third-party domains information was shared with were fairly innocuous. For example, the eBay application sent some user information to ebay.com and paypal.com; Fitbit, a health and activity tracking application, sent user information to fitbit.com. Information like this would need to be shared in order for easy use across the web versions and app versions of the service, and to allow for the proper running of an application. Other applications shared information with unrelated sites, with many sharing information to advertising companies. The Drugs.com application was found to send inputted medical information to five third-party advertising domains, including DoubleClick and IntelliTXT.
47% of iOS applications, and 33% of Android applications tested were found to share location based information with third parties. Most consumers are sensitive to their location data being shared however – two studies cited by the report showed around two-thirds of people did not want their location data shared to advertisers. Location-tailored advertisement accounts for an increasing percentage of mobile advertisement, seemingly despite consumers wishes.
Across both operating systems, the data types most commonly shared were email addresses (45% of apps), location or geo-coordinates (40% of apps), and name (34% of apps).
The report was conducted as part of the Summer Research Fellows Program, a program aimed at giving university students the opportunity to spend 10 weeks researching a chosen topic.