In a recent report published by Bleeping Computer, it has been revealed that devices of millions of Android users around the world might have been compromised owing to the popular apps sharing persistent data along with ad IDs.
According to AppCensus, well over 18000 applications on Google’s Play Store were found to be in violation of its Advertising ID Policy.
The California-based organization aims to provide users with a better understanding of how mobile apps use their data. The study found that popular applications with millions of downloads such as Clean Master, Subway Surfers, Angry Birds Classic andFlipboard had been sending persistent identifiers such as IMEI numbers, SIM card serial numbers, WiFi MAC addresses, etc., along with ad IDs.
This breach in policy has undermined the ad ID’s privacy-preserving properties and exposed some serious flaws in Google’s privacy policies.
A similar breach by Uber in 2013 had led to CEO Tim Cook threatening the company with removal from the App Store. The sharing of non-resettable persistent data by applications leaves users vulnerable to a wide range of security risks.
This data can be used by developers for tracking and targeted advertising even after users have reset ad IDs. At present, the data is being used to either track how users interact with ads or to place ads within various mobile applications.
Google needs to take a tougher stance when it comes to Privacy Violations
Google has not yet responded to the policy violations uncovered by AppCensus that had been shared in September last year. This lack of a response does raise quite a few questions about how serious the company is when it comes to preserving the privacy of user data. Though the company has become stringent with apps over the years and has suspended thousands of applications that did not comply with its data and privacy policies, the question still remains, is it enough?