Your iPhone/Android apps are (probably) watching you…
New research from the Media Trust suggests that while Apple may offer the world’s most secure mobile platform, not all of the apps available within it meet the same high standard of privacy – and shopping apps are particularly curious.
It’s not just iPhones
This doesn’t solely impact iPhones – any platform can be watched using persistent cookies and tracking codes.
This is legal, of course, but the problem is that not everyone using these technologies to build up user profiles is compliant with data protection regulations.
In August 2019, the Media Trust compared ten out of the App Store’s fifty most popular Shopping and Food & Drink apps to check what code is bundled inside the apps.
They found that shopping apps are more likely to install such code than the others.
“Compared to Food & Drink apps, Shopping apps drop more third-party cookies, have more third-party domains present in the install and purchase phases, and drop far more persistent cookies (ie, whose lifespans exceed session),” the report says.
“Shop apps also run a greater risk of noncompliance with data regulations, such as GDPR and CCPA,” it warns.
It is worth noting that protecting against such experiences is part of what the Media Trust’s business does.
This is surveillance
The report finds a whole bunch of insights into how apps can gather personal data and observes that around 90% of the data calls made from inside your apps take place outside of the app developer’s control.
Lots of this information is relatively benign, of course, things like location data for fraud prevention systems or tracking data to ensure legitimate ads.
However, we are aware that some of this activity is connected with companies seeking to harvest user data, and that not all those collecting such data are necessarily benign.
“Policing these third and nth parties’ activities is both time- and resource-intensive because of the digital supply chain’s lack of transparency, dynamism, and complexity,” they warn.
It’s also of concern that around 7% of shopping app cookies last for over three years.
Why is this?
What makes this worse is that Media Trust analysis suggests around 2% of the cookies being dropped from inside apps are “suspicious”, which is a concern.
Who watches the watchmen?
That’s not to say you should stop using apps, of course.
Media Trust seem far more concerned about what happens to the information about users that is collected.
The danger is that some of the vendors who gather such information have become popular targets for hackers, who recognise that in many cases they don’t apply robust security around the data they collect.
This is information that can be combined with other data stacks to provide huge quantities of data about what people do.
The reality of such risk means consumers should always check the terms and conditions around app use and should most certainly limit the information they allow apps to collect through their device using the privacy tools Apple provides.
“Unless publishers can monitor the activities of third-party code from users’ side, these digital strangers will hurt users and, as a result, their business,” they conclude.
Jason Bickham, Vice President, Technical Operations for The Media Trust says:
“What consumers and mobile app publishers themselves should know is how pervasive stalking has become in the digital world. Apps are designed for personalization and, in order to achieve that, these apps are designed to collect a host of personal information from behavioral to payment data.
“These apps are supported by a broad range of digital vendors who also have their own share of digital vendors. Collectively, these vendors harvest user data to provide the rich experience and convenience that consumers have come to expect from their apps.
“If you’re using apps to order take out or purchase a new dishwasher, digital vendors that support those apps will likely know your habits and transactions. Hard though it seems to imagine, in the digital world, monitoring consumers is the new normal.”
This is, indeed, surveillance.