How Invasive Are Your Apps? PrivacyGrade Highlights Privacy Concerns and Grades Apps

By Nathan Kirsch

PrivacyGrade

Many smartphone users install dozens of free apps on their phones, but do you know what they do once they are installed? There are over one million Android apps and when you install them to your device it often allows the app maker to pinpoint your location and even share your contact lists with third partied without having to alert you since you signed the license agreement when the app was installed. It is hard to know what your apps monitor about your daily life, so the folks over at Carnegie Mellon University came up with a system that assigns letter grades to over one million apps to let you quickly know how they rate when it comes to your privacy. The project results is free to the public and can be accessed on the PrivacyGrade.org website.

“These apps access information about a user that can be highly sensitive, such as location, contact lists and call logs, yet it often is difficult for the average user to understand how that information is being used or who it might be shared with,” said Jason Hong, associate professor in the Human-Computer Interaction Institute, who is leading the research project in the Computer Human Interaction: Mobility Privacy Security (CHIMPS) Lab.

“Our privacy model measures the gap between people’s expectations of an app’s behavior and the app’s actual behavior,” he said. “Most people expect apps such as Google Maps to be able to access their location, but most are surprised and troubled to learn that a game accesses their location.”

controversial-apps

What are some of the worst apps? Fruit Ninja, Despicable Me, Drag Racing and My Talking Tom all got D-grades and the massive hit Angry Birds got a C. Of the 1+ million apps looked at by Carnegie Mellon University less than 1,000 for the worst rating, which is a D. We aren’t sure why the worst grade isn’t an F, but maybe they are saving that for apps that take over your phone and try to kill you or something. Let’s take a look at why Fruit Ninja that received a pitiful D-grade.

fruit-ninja-permissions

It appears that Fruit Ninja knows your user account information, read your system logs, logs your precise location, has full network access and can modify the contents of your USB storage.

libraries

There are also a ton of third party libraries used by the app. Seeing Facebook listed on there shouldn’t surprise anyone, but we were a bit shocked to see six different ad libraries that are used to monetize the app. These are the guys that are delivering targetd advertising to your smartphone based the information the app is recording about your movements, habits and so on. How much of your personal data are Facebook, Admob, GreyStripe, Inmobi, Millennialmedia, Mobclix and Mopub getting? The project doesn’t say, but remember when you aren’t paying for something you are the product.

PrivacyGrade isn’t an Android app. You’ll need to visit the web site and search for apps you are considering downloading or have already downloaded. We aren’t sure how often PrivacyGrade will be updating their findings as apps change daily, but it is a web site that we highly suggest visiting if you care about your privacy. It is your location information and contact lists that are being used to make others rich with targeted advertising after all!