A Carnegie Mellon University study shows that roughly every three minutes or 50 meters location data is collected by mobile apps. Over a two-week time frame the research concluded that a dozen or so popular Android apps excessively collected location data. Apps such as Groupon, the Weather Channel and Google Play are mentioned in the article below, written by Elizabeth Dwoskin. The research comes at a time of increasing concern about electronic privacy. A 2014 Pew survey found that more than 90 percent of Americans feel they’ve lost control over personal data. While savvy users understand that using mobile devices entails some privacy tradeoffs – for example, a navigation app will reveal their location to the app’s publisher – most don’t realize the extent to which such information is collected and distributed, the researchers said.
The researchers recruited 23 users of Android version 4.3 from Craigslist and the Carnegie Mellon student body. Participants were allowed to use their own choice of apps after installing software that noted app requests for a variety of personal information; not only location but also contacts, call logs, calendar entries, and camera output. They weren’t told the purpose of the study and were screened to weed out people who had a technical background or strong views about privacy.
The researchers found that even apps that provided useful location-based services often requested the device’s location far more frequently than would be necessary to provide that service, the researchers said. The Weather Channel, for example, which provides local weather reports, requested device location an average 2,000 times, or every 10 minutes, during the study period. Groupon GRPN +0.46%, which necessarily gathers location data to offer local deals, requested one participant’s coordinates 1,062 times in two weeks.
“Does Groupon really need to know where you are every 20 minutes?” asked Norman M. Sadeh, a Carnegie Mellon professor who co-authored the study. “The person would have to be accessing Groupon in their sleep.”
Groupon and the Weather Channel did not respond to requests for comment.
App publishers have ample incentive to gather as much location data as they can. Marketers pay 10% to 20% more for online ads that include location information, said Greg Stuart, chief executive of the Mobile Marketing Association. In previous research, Sadeh and his colleagues found that when an app requests location, 73% of the time it shares the information with an advertising network.
Location data can make ads more relevant to consumers, by making it possible to draw inferences about what audience members are interested in, Stuart said. The data can be used to show an ad for a store to a potential customer who is nearby, a technique that boosts store traffic 40%, according to Mobile Marketing Association research. Or it can be used to present ads for store items to shoppers who are already inside. Users often aren’t aware that their location played a role in being shown a particular ad, Stuart added.
Among the software that handled the most location data were programs pre-installed on the device that couldn’t be easily deleted. Google Play Services, which distributes information to a variety of apps, computed location an average 2,200 times during the study period.
Google declined to comment.
In addition to tallying app requests for personal data, the Carnegie Mellon researchers explored a conundrum: Despite these widespread worries about information leaks, few users take actions that would plug them, such as downloading privacy software or adjusting their device’s settings.
The researchers sent to study participants a daily message – a “privacy nudge,” as Sadeh called it – telling them how many times apps collected their personal data. After receiving the nudges daily, 95% of participants reported reassessing their app permissions and 58% chose to restrict apps from collecting data.
Privacy nudges no longer can be implemented on Android. Operating system updates since the study was concluded removed the software that gave the researchers access to logs of app requests for personal information.