In Mobile Apps, Free Ain’t Free, But Cambridge University Has A Plan To Fix It

The issue of information privacy around free services like some mobile apps and social networks has often been met with a rebuttal from the other side of the argument: if the service is free, you the user are the product, and so you shouldn’t be surprised when your information is “sold” as part of that business model, the so-called “hidden cost” of free.

That can seem like an uncomfortable arrangement, however, so now some academics at Cambridge University in England are coming up with a way of fixing that, and are revealing some striking research about data collection in apps as part of their effort.

If you are among those concerned by how your information is shared, app stores are a ripe target. Focusing on the Android Market, the researchers devised an API to analyze free and paid apps in the store. Combing through more than 250,000 of them, they found that 73 percent of the apps were free, and that of those, 80 percent relied on targeted advertising as their main business model.

Within those apps using targeted ads, the Cambridge researchers found that 70 percent of them are collecting data that is not relevant to the apps themselves.

Free applications are far more popular in terms of downloads, they note: only 20 percent of paid apps get more than 100 downloads and only 0.2 percent of paid apps have more than 10,000 downloads, while 20 percent of free apps get 10,000 or more downloads. Still, not even paid apps are immune to superfluous data collection, it seems: 40 percent of them are collecting information that isn’t actually needed for the app to work.

Some examples: within the comics category, 35 percent of free applications requested access to a user’s location; in other cases, games collected a user’s phone number and contacts. Other “sensitive” data collected by apps that is not actually needed for the app itself to work included access to a user’s messages (e-mail/sms), contacts, calendar, phone number and IMEI.

The issue with blocking everything that is not needed, though, is that it would impact how developers could build a business on free apps. That’s where the Cambridge researchers a proposing a solution: separate app information from ad information, and make sure that the ad networks get only what they need to work, and nothing more. Their term for this is “decoupling”.

“Then the apps wouldn’t use ads as an excuse to collect information,” explains Dr. Ilias Leontiadis, one of the researchers. “An app would collect just what it actually needs.” Taking the idea further, personal information that was not necessary for an ad to display would get automatically blocked.

The problem with the current model, he says, is that developers are responsible for the collection of everything, including location, demographics and the rest, which they subsequently forward to the advertising networks. “You don’t know if the data is for the app or the advertiser, and you don’t know how it would be used.”

Leotiadis says a service that separates the information could take the form of a filter that comes in an app itself, or potentially could be incorporated into a mobile platform to work by default: Leontiadis says he would prefer to see a platform provider offer this by default. In any case, he doesn’t think it would be realistic to ask developers to manage this themselves: “There are over 52,000 developers in the market but only eight big ad networks,” he says. “It’s easier to control those networks than those developers.”

Notably, Cambridge’s investigation focused only on the Android Market. Leontiadis tells me that is because of how Google has set up permissions requests for users: these come up every time a user downloads an app — problem being that people tend to click OK without really looking at what they are agreeing to, he noted. Apple, in contrast, manages these independent of each download, and so would be more difficult to track.

[Image: kalbusta on Flickr]