Most apps collect some information about the user. Sometimes, they really need such data to operate: For example, a navigation app requires your positioning information to build a convenient route for you. Developers often use information about you to monetize or improve their service — with your prior consent. For example, they may collect anonymous statistics to find bottlenecks in their app and understand along what avenue it needs to be developed.
But some developers may abuse your trust by stealthily collecting information unrelated to their app’s functionality and by selling your data to third parties. Fortunately, you can use a couple of services to bring such apps into the open.
The AppCensus service helps you find out what personal data apps collect and where they send it. It relies on the dynamic analysis method: The app is installed on a real mobile device, granted all the required permissions, and actively used for a certain period of time. All the while, the service keeps an eye on the app to see what data it sends, and to whom, and whether the data is encrypted.
Unlike AppCensus, Exodus Privacy studies apps themselves, not their behavior. The service analyzes the permissions an app requests, and it looks for built-in trackers — third-party modules made to collect information about you and your actions. Developers often equip their apps with trackers provided by advertising networks, which are made to learn as much as possible about you for the purpose of delivering personalized ads. At present, Exodus Privacy recognizes more than 200 types of such trackers.
Is there any protection against spying?
We recommend that you treat mobile apps with caution:
- Do not just install them for no reason. They can spy on you, even if you never use or open them. If you no longer need an app that is already installed, delete it.
- Use AppCensus and Exodus Privacy to scan unfamiliar apps prior to installation. If the result disconcerts you, look for another app.
- Do not necessarily grant apps all of the permissions they ask for. If unclear about why the app would need this or that information, deny access to it. Check out this post for more about permissions in Android; also, you can easily control apps and permissions using Kaspersky Security Cloud.