Forensic Investigation: The Shocking State Of Privacy In Safety Apps
posted 2:50 pm 18/05/2020 in
REALITY has 24283 posts, 9327 threads, 218 points, location: Don’t believe what I post - Research what I post.
I want to be the reason you get out of bed in the morning...Even if it is to make sure the door is locked.
Forensic investigation of 20 popular iOS safety apps reveals that every single one, with the exception of Parachute, sends customer information to data collection companies, usually for the purposes of tracking, marketing, analytics and advertising. Customer information is being sent to data collection companies mostly without customers’ knowledge and with no way for customers to see it, delete it, control it, or revoke access to it. Because most data collection tools are embedded within the safety apps themselves, deleting cookies or maxing out iOS’s privacy settings has no effect in stopping this data collection. This report presents our findings and analyzes the risks inherent in this pervasive practice.
Earlier this year, Gizmodo revealed that Tinder-affiliated safety app “Noonlight” “Is Sharing Your Data With Ad-Tech Companies”. Similarly, the Electronic Frontier Foundation (EFF) revealed that the “Ring Doorbell App [Is] Packed with Third-Party Trackers”. Buzzfeed News exposed how “Popular VPN And Ad-Blocking Apps Are Secretly Harvesting User Data”. And the Washington Post revealed that “Citizen, the app for location-based crime reports [...] repeatedly sent my phone number, email and exact GPS coordinates to the tracker Amplitude”. The repercussions of this large-scale data harvesting are felt beyond the online world, with leaked location data being tied to the spot of a brutal homicide.
On the heels of this barrage of news reports, we decided to conduct a forensic investigation of the 20 most popular iOS safety apps we could find. The apps were selected based on the following criteria: 1) they were among the top 20 search results for safety-related terms on Google or the App Store; 2) were apps that people could use to get help in an emergency. Because Apple does not provide the number of downloads per app, we used the number of ratings to rank app popularity.
We were shocked to find that every single app, with the exception of Parachute, sends customer information — at minimum, their IP address — to at least one data collection company, usually for the purposes of tracking, marketing, advertising and analytics. We are summarizing our findings below, and also making the data available for download in JSON format.