The shady side of popular apps
There have been plenty of news stories about user tracking over the past couple of years – websites, ad tech, social networks… but one area of online tracking that has avoided much serious exposure is what happens behind the scenes of your favourite smartphone apps.
It’s come to the fore this week as news broke about the sheer number of apps recording user interactions. Yes, many companies – like Expedia and Hotels.com – recorded every tap and swipe inside their apps
using third-party tools. And none told users they were doing it, even in the small print nobody reads.
Interaction recording tools are generally used to improve user experience by highlighting where users get into trouble with the interface, but they can lead to security problems.
“Even though sensitive data is supposed to be masked, some data — like passport numbers and credit card numbers — was leaking,” wrote TechCrunch’s Zack Whittaker.
While it’s easy to use apps like Ghostery
to see what trackers are in use on the websites you visit, third-party tracking code used by app developers tends to be completely hidden from users. That also allows developers to add secret monetisation methods like selling users’ location
Ad blockers are a popular way of stopping unsavoury tracking on the web, but they don’t work on code hidden deep in apps.
Apple is telling developers to remove code
that tracks user interactions where it’s not explicitly revealed to users. This is encouraging, even though the company is simply enforcing its existing rules. And it’s worth noting iOS is far more locked-down and heavily policed than Android is.
Let’s hope journalists keep the pressure up to make sure all in-app tracking is explicitly opt-in, and clearly explained.