Tag Archives: security

Ebook reading, travel, and other mobile apps may be leaking private data to Facebook

2019-03-25

Writers, ebook lovers, travelers, and anyone who is using downloaded applications on their mobile phones or tablets are silently leaking their personal data to Facebook. A research organization has published a study that shows how apps, including popular travel applications like TripAdvisor, Kayak, Yelp and Skyscanner continuously transmitted users’ private data to Facebook.

An earlier study indicated that 42.55% of free apps on the Google Play Store sent private data to Facebook without having users’ permission to do so. A recent study published in December 2018 discovered that at least 61% of tested mobile apps automatically transmitted personal data to Facebook the very moment the app is opened. The apps transmit a set of data to Facebook in every case: whether the user has a Facebook account or not, or whether the user is logged into Facebook or not.

Privacy International, a non-profit organisation based in London, conducted the research that discovered how extensive the leaking of private data from mobile apps is. The study focused only on Android apps downloaded from the Google Play Store, and their silent background connection to Facebook.
Kayak app screen capture
Privacy International tested many types of apps, trying to find out if they connected to Facebook servers. For instance, all tested travel applications – Tripadvisor, Yelp, Kayak, and Skyscanner (as reported by Skift) – sent data to Facebook. In addition, Kayak and Skyscanner also sent user’s Google ad id to Facebook. This, however, is not the only nasty problem travel booking apps have: they are also seriously troubled by fake reviews and misleading travel product information.

Four months after the Privacy International research paper was published, some apps were re-tested. Cnet reported that Yelp, Duolingo, Indeed, and a few religious apps were still sharing user data without having a permission to do so. Music library Spotify, and travel apps Skyscanner and Kayak don’t automatically connect with Facebook anymore.

Mobile apps send plenty of data to Facebook in the background

The report concludes that the largest set of data was leaked by the Kayak app. User’s private information that Kayak provided to Facebook included:

When the search was done
Name of the app
Google advertising id
Departure city, airport, and date
Arrival city, airport, and date
Number of tickets, including number of children
Class of tickets (economy, business or first class)

Facebook hasn’t told exactly what it does with the data it receives from the apps. The peculiar thing with this discovery is that the apps send user data to Facebook. It doesn’t matter if the user has a Facebook account, the data is always transmitted to the social media giant.

Nonetheless, Facebook explained how the data is collected. The company provides application developers with programming tools – a Software Development Kit (SDK) – that they can use, for instance, for identifying the user, for getting statistics, and for displaying ads in the app. Once a programmer includes the Facebook provided identification in the app, it starts sending data to the social media service databases.

The major observations of the Facebook data leak study

Observation 1: at least 61 percent of apps tested automatically transferred data to Facebook. This concerns all users – with and without Facebook account, or whether they are logged into Facebook or not.

Observation 2: Many apps send the user’s unique Google ad id to Facebook as well. It is an ad targeting id that is unique to the user. Using this id and data from apps, the user can be identified.

Observation 3: Some apps continuously send Facebook data that is detailed and often sensitive. Travel booking app Kayak was a prime example of this activity (as listed above).

Observation 4: For a normal mobile app user, it is practically impossible to prevent apps from sending data to Facebook. The research report proposes a high-tech solution that involves installing a firewall on the phone that can prevent traffic to specified addresses (using a firewall app such as AFWall+ or NetGuard). Changing Facebook’s privacy settings did not prevent tracking.

Tips for preventing apps from leaking private data to Facebook

tripadvisor app on phone, screen shot

The safest option is not to install an app at all, especially if an alternative exists.
Once an app has been downloaded, and the app is opened on the mobile device, there is practically nothing a user can do to prevent it from leaking data. Installing and configuring a firewall is something an ordinary people won’t do.
In some cases, accessing a social media or another service in a browser can be a safer alternative than an app. The research team tested the Opera browser, and discovered it doesn’t send data to Facebook. Dropbox is application that keeps your data away from Facebook’s databases as well.

Change to a phone that is running on secure operating system
The research argues that Google is even bigger private data collector than Facebook. To stop Google and Facebook getting your personal data, finding a phone that doesn’t run on Android is an option. Apple iPhone is the major brand that also claims they care about customers’ privacy. Even Apple can’t completely prevent independent apps from sending data to other parties.
The best choice is to change to an open source software that has been reviewed by experts. One of them is /e/ (eelo) operating system, but at the moment, it requires an experienced techie to install it on a phone.

GDPR will affect rogue practices
The European Union online privacy regulation known as GDPR has been in effect since May 2018. The first court cases that define how it is applied have been started. Regarding GDPR, Facebook argues it is the application developer’s responsibility to manage it follows the GDPR rules. GDPR is intended to protect people from businesses that are collecting their data without permission, so the laws will have an impact on these malpractices sooner or later.

The best tools that can replace Google services for privacy-minded people

2018-12-26

I don’t know about you, but I find it extremely annoying when I’m researching, say, New Zealand for an article or a book, and suddenly I’m bombarded with ads of hotels in the destination. Privacy is an important factor why many colleagues have given up Google products, whereas frequent travelers have fed up with Google’s inability to manage travel access to its services. In this article, you will find the best privacy-tested alternatives to Google services.
Google services symbols
Google’s (as well as Facebook’s and many other big internet companies) business model depends on sucking users’ private and non-private data, using it for ad targeting, and selling it to other companies. This is why Google will collect your data even if you specify in product settings that you don’t want to be tracked. So, the safest choice is to switch to another product.

The best user-recommended products to replace Google’s online services

No More Google web site has collected a long list of alternative products that can replace Google products. The alternative products and services are recommended by internet users who have realized they must manage their privacy themselves (and not leave it to big internet companies). Here are a few of the popular choices:

  • Google Search – DuckDuckGo is the most liked privacy-enabled search engine.
  • Gmail – Protonmail is the most recommended email system.
  • Google Chrome – Firefox is the most recommended alternative product to the Google web browser.
  • Google Maps – Openstreetmap
  • YouTube – Vimeo
  • Google Drive – Dropbox
  • Google Docs – Notion
  • Google Analytics – Matomo
  • Hangouts – Telegram
  • Blogger – WordPress
  • Google+ – the social media service is closing in April 2019.

 

In addition to DuckDuckGo search engine, Qwant and StartPage are good alternatives as well. For browsers, Opera and Vivaldi are good choices, too.
Qwant search engine home page

Replacing Google hardware with privacy-friendly products

Google is also marketing hardware products, such as smartphones and home gadgets. That’s not all, because operating system software is closely related to hardware. Operating systems are built in to hardware products. That’s why it makes sense to pay attention to the operating systems as well, because companies like Samsung, LG, Nokia, Huawei and others use a Google operating system in their phones and tablets.

Here are a few alternative products to Google hardware products and operating systems:

  • Android – the most viable alternatives at the moment are Purism Librem 5 smartphone (built on open source Linux) and open source project /e/ that has released a beta operating system for smartphones.
  • Chrome OS – any desktop Linux, like Ubuntu, Manjaro or Mint is an alternative to the Google operating system (although Linux desktops have not been designed exactly for the same purpose).
  • Google Pixel smartphones – We may have to wait until Purism gets its Liberm 5 phone to the shops, or the /e/ foundation manages to convince a hardware manufacturer to factory-install the /e/ software, so that we can buy a phone that doesn’t leak data to Google.
  • Pixel Slate tablet/laptop – a sleek laptop running on Linux is an alternative to the Google tablet/laptop.
  • Google Assistant – voice assistants require computing power that is usually provided by big server computers in data centers. Amazon Alexa, Apple Siri, Microsoft Cortana all work in the same manner, so it is a choice of brand you trust the most.
  • Home Hub – Google home automation products communicate with this tablet-like device. It knows everything that is going on in the system. If it is connected to the internet, privacy and security risks are inevitable. The best alternative is the brand you trust the most.
  • Nest – all gadgets that control and monitor home lights, alarm system, heating and other functions, and are connected to the internet have security and privacy risks.

Purism Libr smartphone
Purism Librem 5.