CMU logo

New website highlights thousands of Android apps’ data collection practices

News

ANTprivacy.org provides thousands of charts, providing visitors with an easy-to-understand roadmap of how apps collect and share data. In this example, the chart highlights TikTok’s data collection practices, revealing that the social media app collects network, device, and general data, which is then sent to four cloud services owned by a total of three companies.

Researchers at Carnegie Mellon University have launched a new website, offering Android users an easy and convenient way to see how their data is collected and shared.

The Android Network Traces (ANT) project boasts a vast database of over 14,000 apps, providing comprehensive insights into apps’ data collection and data sharing practices.

Previously, the team of researchers had developed a website focused on grading the privacy of smartphone apps. However, during that venture, they kept receiving the same questions; What types of data are the apps collecting? Who receives this data? And what are they using it for?

So in 2018, Jason Hong, professor at CMU's Human-Computer Interaction Institute, along with members of the Human-Computer Interaction: Mobility Privacy Security Lab (CHIMPS) went to work developing a novel technique, dubbed MobiPurpose, to track network requests made by Android apps and classify data collection purposes.

In their paper “Why Are They Collecting My Data?”: Inferring the Purposes of Network Traffic in Mobile Apps,’ the authors describe how MobiPurpose parses each traffic request body into key-value pairs and infers the data type and data collection purpose of each key-value pair using a combination of supervised learning and text pattern bootstrapping. The study’s results show that MobiPurpose can predict the data collection purpose with an average precision of 84 percent.

Using their technique, researchers collected network traces from thousands of apps and grouped them into five data type categories: network, device, general, location, and account, eventually translating that information into easily consumable charts on ANTprivacy.org.

“Smartphone apps collect a ton of data, which is a big surprise to many people,” said Hong. “So we mapped things out, providing a visual way to help consumers understand what’s happening with their personal information.”

“We hope our website helps increase users’ awareness of these practices and enables them to make informed choices about the apps they download and use.”

In addition, the team will look to share their work with developers and regulators in hopes of inspiring change and influencing policy. Interested parties can download the researchers’ original datasets.

The Android Network Traces project is ongoing, as researchers will continue to analyze apps’ data collection practices and add new information to the website.

To learn more about the project and see the full list of contributors, visit the website’s ‘About Us’ page.

 

By: Ryan Noone
rnoone@andrew.cmu.edu

Related People
Jason Hong

Research Areas
Usable Privacy and Security

Back to Top