Apps aimed at children Tend to be the Worst at Invading Privacy

kid phone
angry birds grade c

Apps aimed at kids tend to be the worst at invading privacy.

That’s one surprising takeaway from the results gathered by computer researchers at Carnegie Mellon University. They just launched PrivacyGrade.org, where every Android app is ranked on how it tracks you.

Apps get a letter grade (A,B,C or D) that depends on two things: How the app tracks you and whether that tracking matches up with your expectations.

So, even apps that hound you for access to your location and contacts get good grades — if they’re upfront about how they track you. With that logic, Facebook (FB, Tech30) and Instagram get an A.

The worst grades are reserved for popular children’s games like My Talking Tom and Fruit Ninja.

graded apps d

My Talking Tom is a game where you raise a virtual cat. The gimmick: You speak to him, and he repeats everything you say. But the app takes your voice recordings, and shares that data with advertisers. And if you connect your phone to a computer, it can delete or modify files on that computer — for a reason CMU researchers can’t yet figure out.

Fruit Ninja is a game of sword-wielding, vegetarian carnage. But the app insists on knowing your precise location, carrier and phone number — sharing that with advertisers.

Also on the naughty list: The Holy Bible. It surreptitiously grabs your contact list, phone call history, phone number, carrier and tracks your location. Bible for Kids isn’t much better: It got a C, because it follows children’s movements.

“There is a big gap between people’s expectations and reality,” said Jason Hong, an associate professor at the computer science school who led the project.

All in all, the team analyzed just over 1 million apps. Nearly 1,000 got the worst rating.

graded apps c

Free flashlight apps are also notorious for gobbling up data that has nothing to do with turning on the phone’s light bulb. Super-Bright LED Flashlight knows your carrier, device ID and phone number. Brightest Flashlight Free — which has gotten in trouble with federal regulators before — still tracks your precise location.

Several versions of Angry Birds are equally intrusive, tracking your location and finding social media accounts on your device.

graded apps b

Popular messaging apps did nominally better. But why does Shazam, which analyzes music, need to know your precise location using the U.S. government’s GPS satellites? Why does Hill Climb Racing, a driving game, need your phone number?

graded apps a

The most popular apps all got passing grades, presumably for being upfront and narrow about permissions.

As for the absolute best grades in the Android world: A+ marks went mostly to unknowns, like a free aquarium wallpaper and a bubble level.

Why are some apps so intrusive? The problem, Hong said, is that app makers piece together computer code like building blocks. And when they want to make money from an app, they insert chunks of computer code that delivers data to advertisers — without actually reviewing it.

That means app developers often don’t even know how intrusive their app is. And it only gets worse when they sign up to receiving income from multiple advertising networks, because that sends user data in all directions.

“Most of these developers are not evil,” Hong said. “They’re trying to monetize apps, but they don’t know what the right thing to do is. There’s not a lot of best practices right now.”

Hong originally had the idea to review apps four years ago. He was using one of the Motorola Droid phones that Google had donated to the university’s computer lab, and he noticed the GPS icon would occasionally pop up — then disappear.

After carefully digging through his app permissions, he discovered his blackjack card game was tracking where he drove and walked. It didn’t make sense, and it didn’t seem fair.

Hong set out to scan every Android app, backed with financial help from Google (GOOG), the National Science Foundation, the U.S. Army and Chinese computer security firm NQ Mobile (NQ). The program used to scan the apps were written by two doctorate students, Song Luan and Jialiu Lin (now a Google privacy engineer).

To gauge people’s privacy expectations, they surveyed thousands of smartphone users. Then the university team built an algorithm that weighs permissions and expectations.

Hong said he hasn’t been able to do the same kind of review of Apple (AAPL, Tech30) apps, because he doesn’t know anyone there. But he’s interested.

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here