The study, conducted by researchers at Intel, Duke, and Penn State, looked at 30 of the most popular apps which request access both to the Internet and to location data, and found that half of them shared that location data with advertisers.
To be clear:
- The sample size of 30 is fairly reasonable for the narrow category of apps considered, but doesn’t say much about the Android Market as a whole.
- All Android phones explicitly tell users what information an app will have access to, and require their consent before the app can be installed.
The trouble is that when a user gives an app permission to access this information, he doesn’t realise he is also giving the app permission to distribute that information to third-parties. None of the apps in the study disclose this fact. We think they Google should demand that they do.
Here’s the statement we received from a Google spokesman:
On all computing devices, desktop or mobile, users necessarily entrust at least some of their information to the developer of the application. Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data.
When installing an application from Android Market, users see a screen that explains clearly what information the application has permission to access, such as a user’s location or contacts. Users must explicitly approve this access in order to continue with the installation, and they may un install applications at any time. Any third party code included in an application is bound by these same permissions. We consistently advise users to only install apps they trust.