Today, the issue of security is particularly acute. Our whole life is stored online, and experts are looking for new ways to protect and encrypt data.
Northeastern researchers, led by assistant professor David Choffnes, tested popular messenger apps and internet browsers for security and published a research. Choffnes compared free apps and web services on Android and iOS mobile devices in terms of protecting user privacy. In particular, the professor’s team investigated the extent of user information leakage — from date of birth and location to passwords — to advertisers and data analytics companies.
Generally, mobile apps are considered to leak much more personal data than Internet browsers. However, research has shown that websites let more than a few different types of information leak in almost 40% of cases.
At the same time, the researchers proved that the level of leaks varies greatly depending on the platform. So, websites are most often prone to collecting user location data, while mobile apps collect unique device identification numbers.
Most often, users are not even aware that third parties use the data provided to the apps. The location, first and last names, gender and date of birth, email address and even an email password often fall into the hands of third-party services, sometimes even completely unfamiliar to the Internet user.
The study offers the following findings:
Should apps be used instead of mobile websites? There is no clear-cut answer. Choffnes mentions earlier that mobile apps are expected to leak more PII; however, in 40% of the tests, mobile websites leaked more types of information.
What information leaks from each media type? Testing found that names and locations leaked more from mobile websites. And as can be expected, only mobile apps leaked unique identifiers and device-specific information.
Websites directly contact more trackers and advertisers than apps. The research paper’s authors state, “Web sites often include content from multiple advertisers and third parties, and cause browsers to redirect through several more via real-time bidding. In contrast, most apps include a single advertisement library, which contacts fewer domains.”
How much tracking is common between mobile apps and mobile websites for the same service? Mobile apps and mobile websites can and do leak locations, names, gender, phone numbers, and email addresses.
David Choffness and his team believe that there is currently no single answer to the question — which platform is best for all users. Researchers have come to this conclusion after analyzing the 50 most popular free online services in various categories, including most well-known entertainment and business apps.
The research authors hope that the results will allow starting a dialogue between consumers and online services about the types of information that should be collected, balancing between the needs of users and the level of privacy they need.