Privacy Protection Bypassed for Android Apps

Lead researcher Serge Egelman from the International Computer Science Institute (ICSI) discovered users of some Android apps who wish to opt out of data collection may still have their information collected as a permanent record for advertising purposes and targeting. Google’s policy requires developers and advertisers refrain from connecting advertising IDs and other persistent identifiers; however, Egelman found that they are ignoring and violating policy and collecting data tied to the user, device, and online activity—all without the user’s consent. These policy violations raise privacy concerns and GDPR issues. Google’s response at the time of this writing said that it will constantly review the apps and take action when they are not in compliance with their policies. The NJCCIC recommends users proceed with caution before downloading and installing apps from non-reputable sources, and changing the advertising IDs to clear out web browsing data. ICSI’s findings can be found in their press release and the CNET blog post.

AdvisoryNJCCICAndroid