Hundreds of Android Apps Have Hidden Trackers
Three-quarters of more than 400 popular Android apps contain under-the-radar tracking software, a new report finds.
Worried that your smartphone apps may be tracking you? You should, according to a new report that found dozens of tracking tools in hundreds of Android apps in the Google Play Store.
There's even an interactive website that lets you check which trackers your favorite Android apps run. A few apps have none; many have only diagnostic trackers; but some have seven or eight trackers, including some that track your physical location and others that share your user behavior with third parties.
Users of iPhones have no reason to gloat, as their apps may have just as many trackers. It's just that the researchers, from Yale University's Privacy Lab and the French nonprofit organization Exodus Privacy, couldn't get permission to analyze iOS apps.
"Many of the same companies distributing Google Play apps also distribute apps via Apple, and tracker companies openly advertise Software Development Kits (SDKs) compatible with multiple platforms," the Yale report notes.
To safeguard your privacy, keep only those apps that you regularly use installed on your smartphone. Delete those apps or games you're done with. Android users should always examine an app's permissions before they install it; if a game wants to take photos or make phone calls, that should raise a red flag.
MORE: Protect Your Computer with This One Simple Trick
Yale Privacy Lab and Exodus Privacy analyzed more than 400 Android apps and found that about 75 percent contained tracking software. (Among those that didn't: apps for AdBlock Plus, 1Password, Apple's Move to iOS, the Brave browser, Kodi, Lego Star Wars Yoda II, Netflix, Signal Private Messenger, Waze, Private Internet Access, the privacy-conscious search engine DuckDuckGo, Dropbox, TunnelBear VPN and Trump International Hotel Las Vegas.)
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
Quite a few apps, including those for ProtonMail, Telegram Messenger, Twitter and Wikipedia, had only one or two diagnostic trackers such as CrashLytics or HockeyApp, which seem to be designed to transmit the causes of app crashes to developers. Those seem benign to us.
But most apps had at least four trackers, many of them designed to analyze user behavior and target ads. The apps with the most trackers that we could find (we didn't check them all) included those for Imgur and the French radio station NRJ Radio, which each had eight trackers. Apps for CVS Pharmacy, The Weather Channel, Super-Bright LED Flashlight, ESPN, WeatherBug and the rival French newspapers Le Figaro and Le Monde each had seven trackers.
There were some surprises. Users of the CyberGhost VPN service might not be pleased to learn that its Android app includes the Loggly tracker, which appears to collect anonymized user data and share it with third parties. The Firefox browser app includes Google's DoubleClick ad tracker and the LeanPlum marketing platform.
NordVPN includes DoubleClick and TUNE, which tracks user behavior. LastPass includes DoubleClick. The Christian dating service Christian Mingle includes App-Boy, which collects social-media activity and shares it with third parties. The app for Ghostery, a privacy service that provided this study's authors with much of the information about trackers, itself contains Flurry as well as CrashLytics.
On the upside, Candy Crush Saga included only DoubleClick, and Temple Run had only DoubleClick and its Yahoo-owned equivalent Flurry.
In its press release, Yale Privacy Lab said these findings showed the need for "increased transparency into privacy and security practice as it relates to these trackers," adding that all smartphone users "deserve a trusted chain of software development, distribution and installation that does not include unknown or masked third-party code."
Best Identity Protection Services
Best Overall
Get it. IdentityForce UltraSecure+Credit is the best overall service for both credit monitoring and identity protection. It also protects your account with two-factor authentication.
Best Data Monitoring
It's worth it. Get LifeLock Ultimate Plus if you're very worried about having your identity stolen and you also need antivirus software. But you can get better credit monitoring for less with IdentityForce UltraSecure+Credit.
Best Tools
Good, but not the best. Identity Guard isn't bad, but for about the same price, IdentityForce UltraSecure+Credit offers more comprehensive personal-data and credit-file monitoring.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.