A new computer program developed by Jianwei Niu, associate professor of computer science at The University of Texas at San Antonio (UTSA), Xiaoyin Wang, assistant professor of computer science at UTSA, and their research team detects whether the privacy policy attached to phone applications is truthful in its gathering of information from its users.
“The question is what kind of data are these apps collecting for marketing and other reasons beyond the purpose of functionality,” Niu said.
Niu and Wang’s project focuses on Android phone apps, due to their wide market share. However, Niu insists that the project’s main purpose is to keep apps honest.
“When you download an app on an Android phone, a message appears that displays what kind of data it needs for functionality,” Niu said. “But there’s also a privacy policy you can click on that describes what kind of data it collects beyond those purposes.”
To test whether these privacy policies jibe with the actual user data the apps collect, Niu and Wang created their own verification software. The pair analyzed the behavior of hundreds of Android apps. They found that in many cases, apps were collecting more information than they claimed to be.
“It’s very useful for the user and the company that makes the app,” said Ram Krishnan, associate professor of electrical and computer engineering at UTSA and Microsoft President’s Endowed Professor, who aided in the program’s development. “The user is made aware of the exact kind of data being taken from their phone. And on the other side, the app developer is covered knowing that the app is collecting exactly what it’s meant to. Because of a disconnect, the app can many times take more information than the developer is aware of.”
In many cases, the extra information is used for direct marketing purposes, but e-mail addresses and phone numbers poached from the average person’s phone can be very valuable for external advertisers. Niu and Wang found several cases in which an app collected unnecessary data and sent it directly to a third party.
“It can be tricky,” Wang said. “Sometimes you actually want this information to be shared so you can take advantage of a good bargain, but at the very least you want to be able to know what is being collected so you can be certain it doesn’t end up in the wrong hands.”
Niu, Wang, their collaborator, Travis Breaux, associate professor of computer science at Carnegie Mellon University, and their team are currently exploring many options for their program, including integrating it into Google Play and uploading it as an app for users or developers to utilize.