What is the price of free?

Mar 06, 2012
Android. Credit: University of Cambridge

Scientists from the Computer Laboratory at Cambridge University have designed a method to improve privacy control in the Android apps market. The method reaches a balance between the need for developer’s revenue and the need for user’s privacy.

As the market expands, it has become a question of freedom versus control in the app market. Security is playing catch-up, as the breaching of personal privacy increases due to a deluge of malicious software being released into the marketplace.

In a recent case, the social network Path found itself at the centre of fierce controversy, after accessing and uploading iPhone users’ contact databases without their permission.

Smartphone apps provide useful services. However, there is a hidden cost, often unknown to the user – developers collect information about the user without their full knowledge. Apps can access your contact numbers, track your current location, view your web history and then share this data with mobile ad networks.

As a result of growing concerns about users’ data privacy, the United States White House has released a first draft of a Consumer Privacy Bill of Rights which aims to give consumers the right to exercise control over what personal data companies can collect and how they use it.

To understand the privacy implications of mobile , the Cambridge team wrote a programme that was able to collect and analyse the metadata of 251,342 applications available on the online market.

The Android market consists mainly of free applications (73%). The analysis revealed that 80% of those are supported by targeted advertisements. Furthermore, free applications are far more popular in terms of downloads as only 20% of paid apps get more than 100 downloads and only 0.2% of paid apps have more than 10,000 downloads (compared to 20% of free apps).

At the same time, based on the results of this study, free apps request significantly more permissions to access sensitive information such as the user’s location, messages (e-mail/sms), contacts, calendar, phone number and IMEI. This includes, for example, 35% of free applications in the “comics” category that request access to the user’s location, or games asking for the user’s phone number and contacts (just to name a few).

In fact, more than 70% of free apps request one such “dangerous” permissions compared to just 40% of paid applications. Although the Android market raises alerts for applications that require dangerous permissions, this analysis revealed that these alerts have no impact on the decision of users to download applications. Indeed, the number of downloads for a given application appears to not be correlated to the number of dangerous permissions they request.

Free applications request additional information merely to support their own revenue as mobile advertisements typically capture personal information in order to profile the mobile phone user and deliver relevant advertisements to the mobile phone. However, as the media stories have revealed, not all of the 52,680 developers can be trusted. The problem with the current app model is that the developer is responsible for collecting as much information as possible and forwarding it to the advertising networks in order to display these targeted advertisements.

Dr. Ilias Leontiadis and Dr. Christos Efstratiou, from the Computer Laboratory at the University of Cambridge, said: “Various researchers have proposed ways of protecting privacy in the past, by either blocking information or giving fake information to the mobile application. However, if we follow this paradigm this would significantly reduce the number of free ad-supported applications that are available today. In our work we have tried to design a new approach that can reach a balance between the need for developer’s revenue and the need for user’s privacy.”

The new model is based on applying a more sensitive approach to . The process focuses on ‘decoupling’ (separating) privacy control between the application and the advertisement support component, where two separate flows of information are allowed: one towards the application/developer and one towards the ad-networks.

The ‘decoupling’ allows the specification of distinct privacy requirements for the two entities. For the application, this allows the specification of privacy requirements that are directly related to the actual service offered by the application. For the ad-network component, the distinct flow of private information can allow the implementation of control techniques specifically designed to support an ad-driven market.

Dr. Ilias Leontiadis, said: “We’ve developed a method that can control how much personal information is released to advertisers depending on the revenue that a developer receives. This means that if a developer gets enough money for their ad-supported applications, then private can be selectively blocked to protect users.”

Explore further: Skiers have reservations over airbag safety system

add to favorites email to friend print save as pdf

Related Stories

Senator calls for smartphone app privacy policies

May 25, 2011

(AP) -- A key member of the Senate Judiciary Committee is challenging Apple Inc. and Google Inc. to require all developers that make apps for their mobile devices to adopt formal privacy policies.

Recommended for you

How will Google, Apple shake up car insurance industry?

11 hours ago

Car insurance industry, meet potential disrupters Google and Apple. Currently, nearly all mainstream insurers that offer driver-monitoring programs use relatively expensive devices that plug into a portal under the dashboard. ...

Cyclist's helmet, Volvo car to communicate for safety

Dec 21, 2014

Volvo calls it "a life-saving wearable cycling tech concept." The car maker is referring to a connected car and helmet prototype that enables two-way communication between Volvo drivers and cyclists for proximity ...

California puzzles over safety of driverless cars

Dec 21, 2014

California's Department of Motor Vehicles will miss a year-end deadline to adopt new rules for cars of the future because regulators first have to figure out how they'll know whether "driverless" vehicles ...

Cadillac CT6 will get streaming video mirror

Dec 20, 2014

Cadillac said Thursday it will add high resolution streaming video to the function of a rearview mirror, so that the driver's vision and safety can be enhanced. The technology will debut on the 2016 Cadillac ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.