18,000 Android Apps Track Users by Violating Advertising ID Policies

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
18,000 Android apps with tens or hundreds of millions of installs on the Google Play Store have been found to violate Google's Play Store Advertising ID policy guidance by collecting persistent device identifiers such as serial numbers, IMEI, WiFi MAC addresses, SIM card serial numbers, and sending them to mobile advertising related domains alongside ad IDs.

The issue here is that, while some of the companies behind these apps will most probably say that they're not actually using persistent device identifiers for ad targeting, they are still violating the Google Play Store Advertising ID policy guidance.

Sending non-resettable identifiers besides the ad ID is especially worrisome considering that it effectively removes "the privacy-preserving properties of the ad ID" as explained in a report published by AppCensus.

To further illustrate why this is an issue, Appcensus' Serge Egelman says that "in 2017, it was major news that Uber’s app had violated iOS App Store privacy guidelines by collecting non-resettable persistent identifiers. Tim Cook personally threatened to have the Uber app removed from the store."

If you are interested for more information > 18,000 Android Apps Track Users by Violating Advertising ID Policies
 
F

ForgottenSeer 58943

Not surprise anymore because it is Google, Internet. USA, government, and company. No privacy anymore.

Only way to make it 100% anonymous is to live in the jungle.

Really all you can do is limit the exposure, and strongly secure that which is important. Your financials, family stuff, you can pretty much encrypted and secure that so nobody can dig into that without a court order and home search warrant. But everything else? I'd really just focus on limiting exposure and not become paranoid about it.

I was recently retained as a consultant(night job) by a well off lady being heavily doxxed, stalked and harassed. It had become personal, and had the potential to become dangerous. It was certainly financially motivated and they even had a fake-psychic do a reading on her at a party she was at who sounded like she had a direct connection to God, but in effect, it was just some fairly nice search activity. Nevertheless, I redacted 90% of her exposure/data/information off of every search engine and website within 14 days. The other 10% is more of a problem, and will require a bit more time and effort. But my point is, it's easier to keep your data/information/privacy contained to begin with than it is to try and reign it all back in later.

I have no searchable/researchable information on any search engine, data broker, or data clearinghouse. That's because I've never let my information get out of control to the point I can't reel it back in quickly and I limit additional potential issues by utilizing obfuscation. NONE of that is difficult, and it's a wise precaution and should be encouraged early on with your children ( if you have them ). Heck, it should be a class in school on how not to allow yourself to become an internet victim.
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Really all you can do is limit the exposure, and strongly secure that which is important. Your financials, family stuff, you can pretty much encrypted and secure that so nobody can dig into that without a court order and home search warrant. But everything else? I'd really just focus on limiting exposure and not become paranoid about it.

I was recently retained as a consultant(night job) by a well off lady being heavily doxxed, stalked and harassed. It had become personal, and had the potential to become dangerous. It was certainly financially motivated and they even had a fake-psychic do a reading on her at a party she was at who sounded like she had a direct connection to God, but in effect, it was just some fairly nice search activity. Nevertheless, I redacted 90% of her exposure/data/information off of every search engine and website within 14 days. The other 10% is more of a problem, and will require a bit more time and effort. But my point is, it's easier to keep your data/information/privacy contained to begin with than it is to try and reign it all back in later.

I have no searchable/researchable information on any search engine, data broker, or data clearinghouse. That's because I've never let my information get out of control to the point I can't reel it back in quickly and I limit additional potential issues by utilizing obfuscation. NONE of that is difficult, and it's a wise precaution and should be encouraged early on with your children ( if you have them ). Heck, it should be a class in school on how not to allow yourself to become an internet victim.


Or you could just move to the jungle.
 

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,706
Really all you can do is limit the exposure, and strongly secure that which is important. Your financials, family stuff, you can pretty much encrypted and secure that so nobody can dig into that without a court order and home search warrant. But everything else? I'd really just focus on limiting exposure and not become paranoid about it.

I was recently retained as a consultant(night job) by a well off lady being heavily doxxed, stalked and harassed. It had become personal, and had the potential to become dangerous. It was certainly financially motivated and they even had a fake-psychic do a reading on her at a party she was at who sounded like she had a direct connection to God, but in effect, it was just some fairly nice search activity. Nevertheless, I redacted 90% of her exposure/data/information off of every search engine and website within 14 days. The other 10% is more of a problem, and will require a bit more time and effort. But my point is, it's easier to keep your data/information/privacy contained to begin with than it is to try and reign it all back in later.

I have no searchable/researchable information on any search engine, data broker, or data clearinghouse. That's because I've never let my information get out of control to the point I can't reel it back in quickly and I limit additional potential issues by utilizing obfuscation. NONE of that is difficult, and it's a wise precaution and should be encouraged early on with your children ( if you have them ). Heck, it should be a class in school on how not to allow yourself to become an internet victim.

If the government wants your data really bad, they can get it multiple ways easily. Same with the company that got force by the government to collect consumer data for " analysis" and " protection". Not a lot of people care about privacy these days anyway because " I got nothing to hide and I am not going to do any illegal activity anyway."

A lot of people are still using Google search engine despite the fact that Google search engine harvest your data, but people are still using it anyway.

Public VPN is not going to protect you from the government. Any public VPN will have to force to handle data over if the government ask for it.
 
  • Like
Reactions: Weebarra
F

ForgottenSeer 58943

General privacy discussion for general privacy protection shouldn't include governmental discussions. That's an entirely different subject requiring vastly more diligence and resources to protect yourself from. US Citizens are fully protected by the constitution, rendering all data collected as inert trash since it cannot be used for anything actionable without the govt. breaking Federal, State and local Law as well as an individuals civil rights.

I do not believe it is productive lumping general privacy and protection practices in with govt. discussion as a result of that. Side note: Govt. does heavily utilize corporations and social media in ancillary intelligence gathering, especially against high profile potential targets of suppression and interdiction. For example it's pretty clear major factions within the FBI and Justice Department were plotting a coup against the elected president, and as such there was probably significant intelligence gathering operations surrounding that. Thus indicating that even with Constitutional Protection, Rogue Un-Elected officials in large, unfettered Bureaucracies pose a significant risk to our freedoms.

But the average Joe should never be concerned with such matters.
 
  • Like
Reactions: Weebarra

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
...it's pretty clear major factions within the FBI and Justice Department were plotting a coup against the elected president, and as such there was probably significant intelligence gathering operations surrounding that.

Oh my.

Again, just more reason to flee to the jungle.
 
  • HaHa
Reactions: CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top