Android Apps Found Transmitting IMEI, Phone Serial, Mac Address To Ad Network – Report
Thousands of Android apps are free to use and they earn on Ads you see popping out on the screen. The ads are shown on the basis of the user’s interest and behavior. This requires Apps to mandate permission from Users to allow them to display the most relevant ads on their screen. This sounds a fair policy, but the reality is a lot more twisted.
Based on news published by Cnet there are thousands of Apps who covertly identify user information and stores a permanent record of their device activity, the news is backed by a report which clarifies how Android Apps are violating ad policies to mint money.
Serge Egelman from International Computer Science Institute published a report Ad IDs Behaving Badly, which talks in detail about the major privacy concern. He explained the term “Persistent identifiers” more like a smartphones unique identity that lets the advertising network to identify a User.
On your mobile device, there are many different types of persistent identifiers that are used by app developers and third parties contacted by those apps. For example, one app might send an advertising network your device’s serial number. When a different app on your same phone sends that same advertising network your device’s serial number, that advertising network now knows that you use both of these apps, and can use that information to profile you. This sort of profiling is what is meant by “behavioral advertising.” That is, they track your behaviors so that they can infer your interests from those behaviors, and then send you ads targeted to those inferred interests.
On PC, Laptops, etc. cookies act as Persistent identifiers to remember the user and after clearing all tracking is gone. But in android things are different, the ad network has data like Device Serial Number, IMEI Number, Wi-Fi Mac Address, SIM Serial Number, etc. This cannot be wiped out even after factory reset. The ad network already has the User’s Identity permanently stored in their database.
The reports claims around 17000 Apps are transmitted AD ID along with Persistent Identifiers. Some of the popular apps provided in the report list are Clean Master, Subway Surfer, Talking Tom, Flipboard, Temple Run 2, Angry Bird Classic, Cam Scanner, etc. Serge Egelman shared that the issue is reported to Google five months ago and since then there is no response.