A new Georgia Tech study has found that in app ads are leaking users personal data to the developers of the mobile app itself. This could potentially give data miners a way to mine personal information by simply developing a free app with in app ads. Georgia Tech conducted the study on 200 users using a custom-built Android app and testing the Google Ad network. Due to “leakage” between the ad network and the app developers software, the app developer could gain access to personal data.
Researchers found that 73 percent of ad impressions for 92 percent of users are correctly aligned with their demographic profiles. Researchers also found that, based on ads shown, a mobile app developer could learn a user’s:
- gender with 75 percent accuracy,
- parental status with 66 percent accuracy,
- age group with 54 percent accuracy, and
- could also predict income, political affiliation, marital status, with higher accuracy than random guesses.
On desktop advertising is protected by the Same Origin Policy but according to Georgia Tech the same rules do not apply to mobile app developers.
“People use their smartphones now for online dating, banking, and social media every day,” said Wenke Lee, professor of computer science and co-director of the Institute for Information Security & Privacy at Georgia Tech. “Mobile devices are intimate to users, so safeguarding personal information from malicious parties is more important than ever.”
Georgia Tech has contacted Google about the mobile in app ad leakage issue and has given the company its research and findings.
“Free smart phone apps are not really free,” says Wei Meng, lead researcher and a graduate student studying computer science. “Apps — especially malicious apps — can be used to collect potentially sensitive information about someone simply by hosting ads in the app and observing what is received by a user. Mobile, personalized in-app ads absolutely present a new privacy threat.”
What do you think of this story? Let us know in the comments below or on Twitter, Facebook and Google+.