Immediately after installation on a smartphone, mobile applications begin to collect information, requesting permission to access the prog...
Immediately after installation on a smartphone, mobile applications begin to collect information, requesting permission to access the programs and finding out the personal data of users. In this case, even if we are careful and do not give such permissions, there is a way by which most applications can still secretly receive information.
Photo: digitaltrends.com
As you know, each application includes a set of development tools (SDK). To better understand, imagine an application in the form of a Lego house, each block in which is a separate module. Developers program unique application blocks, such as design and features. However, components such as advertising and analytics are usually not built into the “home”. Third parties that already offer these services are involved in their role. All that remains for developers to do is to include ready-made services in their applications. Thus, in recent years, SDKs have increasingly been playing the role of loopholes by which different companies collect our data.
According to a study by Oxford University experts, nearly a third of all applications on the Play Store is associated with at least ten third-party SDKs, and every fifth application sends information to twenty SDKs. In the case of widespread free applications, this figure is even higher. For example, the Tinder application is associated with 51 SDKs, Airbnb with 41, and ESPN with 40.
Most SDKs collect information that we usually don’t attach importance to. They track our actions within applications, the places where we spend most of the time, advertisements that we pay more attention to and so on. However, such “harmless” actions can do great harm to our privacy.
According to the same study, 88% of applications sent information to companies owned by Alphabet (the parent company of Google), and 43% - to services owned by Facebook.
Thus, acting through hundreds of thousands of SDKs, companies like Facebook and Google get the opportunity to customize our digital profile in their database and send us targeted advertising. For example, if a woman in position installs a maternity app on her smartphone, very soon she begins to see advertisements for baby products.
Developers justify the SDK by stating that all data is stored anonymously, and confidential information (such as phone numbers) is never transmitted. In fact, large companies have the ability to access information in our digital profile. The application may not tell the SDK your name or email address, but it can be calculated independently by comparing it with the information already available.
It is also worth noting that data sent to the SDK is not always encoded. Kaspersky Lab experts found that 4 million Android applications send information about users in unencrypted form, including names, phone numbers, email addresses, and even GPS coordinates.
Another factor that allows the SDK to transmit information is that all permissions are hidden in the Application Privacy Policy, and often developers cannot clearly explain what users give permission to. In addition, application security settings do not apply to third-party SDKs, which leaves people no choice.
Interestingly, up to Android 10 SDKs, they could transfer permissions between two applications that were not connected to each other. For example, if application A has permission to determine the location, and application B does not, but both use the same SDK, then application B is likely to use resolution A and collect GPS data.
Thus, our privacy directly depends on the weakest link in the application chain, and in the case of smartphones - this is the SDK. Unfortunately, this cannot be changed at the moment. Let's hope that the next versions of Android and IOS will have better protection from third-party trackers.
