Google, the retail arm of the NSA...
... not only tracks you with Android but so do the Apps you install.
Privacy? This is better than Big Brother could have wanted, as they are getting you to opt in and pay for it.
In case you're wondering, yes, there's a good chance at least some of your Android apps have tracked you rather more than you expect. That's the conclusion of a joint project between Yale University's Privacy Lab and French non-profit Exodus Privacy, which has this month documented snoopware features in apps from Uber, Tinder …
It's not Google alone. There are far too many companies selling tracking tools to be embedded into apps. Too many believe it's a huge source of revenue, and want their slice of the cake. App developers think, too, that it's another way - and a simple one - to monetize their code. MS turned Windows into a giant tracking tool.
Once software was a way to speed up tasks, and tackle complexity - now it's mostly tracking people attempting to sell more lame ads and goods.
The Relax Vibrator apparently contains a DoubleClick tracker; so does the Good Vibes app, along with recording audio, writing to and reading from your calendar, etc. Can't say I'm surprised at the tracker as the apps might contain adverts. I do wonder though, is this heralding a new dawn where your vibrator writes in your diary:
Dear Diary,
Sarah was off again with that waste of space Carl last night instead of spending time with me. I make you happy in a third of the time he does and I'm ready to go again whenever you are. I don't have to wait 10 minutes to get my strength back or be too tired tonight! You've changed since I've met you. If only they'd let me talk to the Domino's app I could order Pizza and you wouldn't need him at all.
Apple and Google have used the drug dealer's technique: get 'em hooked and they'll come back for more.
How many of us would readily give up our smartphones now?
There is a gap in the market for a new platform/phone OS - one where tracking/collecting data is the exception and most apps merely help me and not third parties. Maybe even 'free' ad-laden apps are the exception and the paid-for ad-free ones come out first. It might get rid of a load of bloat. Or maybe the masses don't care enough and are happy to put up with it.
So many apps I have seen seem to want to know more about me than I really think is necessary. I am happy to pay for apps - I don't expect free.
GDPR will "proposedly" allow you to request who/what information is held about you by whoever has it.
It would be interesting for someone to develop an app that provides this information and to provide direct links to the third parties whereby one can contact them directly and request that they stop...
The apps and the app stores will change with GDPR.
With GDPR will come a standard along the lines of "GDPR compliant" - probably with a better name.
An app that is compliant with GDPR will carry a clear logo to make it clear to the prospective user that it meets GDPR requirements (in the same way that we have "HD ready" TVs). Then when we are in the app store we can choose to accept only apps with the GDPR compliant logo.
There will still be apps out there that are not compliant - but users will download those non-compliant apps at their own risk. The download rate for these non-GDPR compliant apps will plummet. The store owners will be made responsible for ensuring that no apps advertise false GDPR-compliant labels.
The business model for all these snooping apps (In Europe and the other 100 of countries that copy the EU data protection standards) breaks.
This will impact the users and the apps in North America too. If you are a well educated or wealthy US citizen given the choice of downloading two similar apps - and one is marked GDPR-compliant - what will she do? Even in the US GDPR is going to have a big influence and correct bad behaviour.
Many of the non-GDPR app providers and trackers will go out of business. The world becomes a better place.
Geoff
when you go past the "hall of shame" screen (reports.exodus-privacy.eu.org/reports/apps/)
However, I am... confused. It appears that a relatively unknown (have you ever heard of privacy issues?!) app called "Whatsapp messenger" contains... NO trackers. Am I supposed to believe that, given the... associations?
p.s. really ironic that "Firefox Browser fast & private" reports your "private" activities to:
•DoubleClick
•LeanPlum
Disappointingly, "Good Vibes", which must be, by the icon, something to do with intimate vibing, only sells your good vibes to the usual culprit (doubleclick). I thought it would go to all the pornhubs of the world united, AT LEAST. Remarkable restraint...
However, in general, the list of apps (reports.exodus-privacy.eu.org/reports/) seems to me to have little to do with what I installed on my mobile. And I can't see a way to sort that by the "most popular / most downloads", just to see who's big and naughty...
It appears that a relatively unknown (have you ever heard of privacy issues?!) app called "Whatsapp messenger" contains... NO trackers. Am I supposed to believe that, given the... associations?
Maybe it didn't need it because it directly connects to an address with something like this, whatsapp.chatd-edge...facebook.com. You can see it with a network monitoring tool.
OK, so the information is there that we're all being tracked. What's the proposed solution? Is there anything out there that acts as a sort of Ghostery/NoScript for apps on Android/iPhone?
Any suggestions? Since we can't trust the apps themselves, it's time for a new type of anti-virus (anti-track?) that protects us from the ad slingers...
My tablet is a Samsung Galaxy Note 10.1 and Samsung has long since stopped supporting it. So I installed Cyanogenmod and later Lineage OS on it when Cyanogenmod died. Both have extra privacy built in. In the settings, you can override the privacy settings of any app, including Google's. That is your best choice, to see if your device supports Lineage OS. If that isn't available, you can check to see if you can root your device and manually uninstall any bloat apps you don't want and install a privacy app with root access. I did something like that with my Galaxy S3, but I forgot which app I used.
Indeed, there are fewer safeguards in place for iPhone. If you are wondering why they didn't look at iPhone user tracking, it's because Apple didn't fund that survey...
I also note there was no mention of requested permission, so the Android story is clearly clickbait (as usual).
Until personal data are seen as being property, and treated the same way as other items of value and payment terms with explicit (not just tick a box or tacit acceptance) agreement, the data collection companies can just stick their snouts into the trough. In a sense, we've got valuable property that isn't protected by law, and which is left open to predators.
Just looking at an Android phone I have to hand with a small set of apps on it, it makes the following DNS queries at startup (amongst other more obviously attributable ones, such as 4 each to Weather Channel, BBC and Google domains, 2 Twitter and 1 Skype):
s3.amazonaws.com
mads.amazon-adsystem.com
device-metrics-us.amazon.com
mobile.eum-appdynamics.com
reports.crashlytics.com
e.crashlytics.com
settings.crashlytics.com
ticks2.bugsense.com
decide.mixpanel.com
api.mixpanel.com
There are no open TCP ports, but it is listening on 24 different UDP ports, for whatever reason (some more obvious than others):
17
53
687
3130
4444
6001
17237
17629
17824
19682
19687
19936
20423
20522
21060
21405
22914
34555
34580
39217
42639
44946
61412
63420
No consumer makes a conscious, informed choice about any of this, let alone about what data is actually transferred. GDPR certainly ought to be relevant...
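Added example, not part of any comment in this thread: the DNS observation above can be made repeatable by pointing the phone at a resolver you control and tallying queries per device. The sketch assumes dnsmasq running with `log-queries`; the category labels, client addresses and log lines are constructed for illustration.

```python
import re
from collections import Counter

# Suffixes come from the hostnames in the comment above; the category labels
# are this example's assumption, not something the comment states.
WATCHLIST = {
    "amazon-adsystem.com": "advertising",
    "device-metrics-us.amazon.com": "device metrics",
    "eum-appdynamics.com": "performance monitoring",
    "crashlytics.com": "crash reporting",
    "bugsense.com": "crash reporting",
    "mixpanel.com": "analytics",
}

# dnsmasq --log-queries line: "... dnsmasq[pid]: query[A] name from client"
QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")

def classify(hostname):
    """Return the watchlist category for a hostname, or None."""
    labels = hostname.lower().rstrip(".").split(".")
    # Match on label boundaries only, so "notmixpanel.com" is not a hit.
    for i in range(len(labels)):
        category = WATCHLIST.get(".".join(labels[i:]))
        if category:
            return category
    return None

def summarize(log_lines):
    """Count watchlisted queries per (client, category)."""
    counts = Counter()
    for line in log_lines:
        m = QUERY_RE.search(line.strip())
        if not m:
            continue  # replies, forwards, cache hits, other daemons
        name, client = m.groups()
        category = classify(name)
        if category:
            counts[(client, category)] += 1
    return counts

# Constructed sample log (not captured from a real device).
SAMPLE_LOG = """\
Nov 28 09:14:01 dnsmasq[812]: query[A] api.mixpanel.com from 192.168.1.23
Nov 28 09:14:01 dnsmasq[812]: forwarded api.mixpanel.com to 9.9.9.9
Nov 28 09:14:02 dnsmasq[812]: query[A] settings.crashlytics.com from 192.168.1.23
Nov 28 09:14:03 dnsmasq[812]: query[A] notmixpanel.com from 192.168.1.23
Nov 28 09:14:05 dnsmasq[812]: query[A] mads.amazon-adsystem.com from 192.168.1.40
""".splitlines()
print(sorted(summarize(SAMPLE_LOG).items()))
```

A DNS tally only shows which services a device looks up, not what data is sent; it also misses apps that use hard-coded addresses or their own encrypted resolver.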
What I would like to see is full disclosure on all apps with a full, but non-legalese, description of why the company is providing the software free.
"Software is provided to end-user with no fee...
...with limited features with the hope that they will upgrade to a paid upgrade."
...because we are hoping to profit from in-app purchases."
...in exchange for allowing us to track browsing information to sell to third parties for advertising/other uses."
...in exchange for allowing us to track user's location data to sell to third parties for advertising/other uses."
...is that while I can understand "free" services including trackers and the like, it is neither understandable nor acceptable for banking apps (where we are supposed to have some measure of trust in the bank (CMB and Banque Postale)), and one can say the same for subscription based services (Ouest France). I ought to fire up the VPN firewall app and see what these apps actually try to contact... Then maybe a letter to each demanding an explanation is in order?
Has everyone been asleep? It's been obvious for years that your phone can track you and that anything on/in your phone can be used to track you and attempt to sell you stuff.
I'm just amazed that there appear to be people out there who think that this isn't happening - please children, grow up. You are being tracked if you turn your phone on - if you don't like it then turn your phone off and put it in a foil bag.
I agree, however it isn't just about being tracked - it's about knowing/deciding who is tracking, and why.
We all know phone companies do it (they need to, as part of their infrastructure). We all know why Google does it, and we even benefit from it.
But Skype? Spotify? Why the feck do they need it?
The worst thing of all is Google's SafetyNet crap in Android.
A lot of the tracking stuff can be controlled and prevented by rooting your Android phone,
and installing Adaway, and XPosed-Framework & XPrivacy, ApsOpsExposed, ReceiverStop and BootManager,
but Google's SafetyNet crap interferes severely with Xposed&friends and a lot of "free" Software doesn't want to run on rooted and tightly security-controlled Android Phones, e.g. SnapChat, Nintendo Games (PokemonGo, Animal Crossing Pocket Camp, etc.) for the sole purpose that snooping and Ad Spamming can not be efficiently prevented.
SafetyNet provides ZERO real security, because most Android phones are running with Android versions which have DOZENs of well-known security holes, because vendors don't ship updates. Plenty of Samsung smartphones are stuck on Android 5.0.1. SafetyNet check works on these phones in factory-pristine (unrooted) conditions -- and a positive SafetyNet check therefore guarantees a hundred or more gaping open security holes on each of the phones. And SafetyNet prevents safety measures such as Xposed&Xprivacy, Adaway and a lot of other vital tools from getting used more broadly.
SafetyNet is a total security disaster and a Snooping&AdSpamming enforcement technology from NSA-arm within Google, and every security practitioner should know and admit that.
Why doesn't Samsung ship Marshmallow for Galaxy S4? Because they fucked up with device encryption in Lollipop on early Snapdragons (600, 800, 805) because it is unreliable and dead slow, but for political reasons "required" in Marshmallow. Android 6 or 7 without encryption would be so much more reasonable than Android 5.0.1 without encryption, but for political reasons undesired by Google. So SafetyNet is extremely counterproductive, and ACTIVELY hurts the userbase.
https://blog.elcomsoft.com/2016/03/smartphone-encryption-why-only-10-per-cent-of-android-smartphones-are-encrypted/
https://nelenkov.blogspot.de/2015/05/hardware-accelerated-disk-encryption-in.html
Kill SafetyNet and kill the FDE-requirement in Android 6+7 for updates to Old Phones/Hardware.
I have no PIN or other protection on my 2-year old Samsung Android phone (it's rooted), because it would be completely pointless against any attacker who gets physical access to my phone -- because of the endless well-known and unpatched 5.0.1 bugs.
I regularly get notifications from Google popping up on my phone, inviting me to review my stay at this hotel or meal at that restaurant, merely because I've been walking near them, on my way round town.
I've also got AFWall+ [Android firewall] installed, which is blocking anything which doesn't obviously need to be able to connect to the internet. You wouldn't believe how persistent Google's GBoard keyboard is at trying to phone home. Almost every time you enter text in a web form, or within an app, AFWall+'s notifications that it has blocked GBoard start appearing --and GBoard will keep trying on about a dozen different IP addresses, before it gives up.
It seems tantamount to having a keyboard with a keylogger built right in.
"Yeah and don't forget just about every web page you ever visited; In fact, like this one you're looking at right now!"
According to uMatrix The Register is using Google analytics, Google Tag and something called dpmsrv.com.
(The page views just fine without them)