How many companies get my data when I use free mobile apps?


Posted on: May 29, 2015 by Jordan Janeczko

What I usually expect out of an app is that it asks a server if it has new data – so for a sports app I might be asking the score of the Juventus-Barcelona game. The server would send me the score, and probably save the fact that I wanted the score of a football match and not, say, the score of the Blackhawks ice hockey game. A nice little one-to-one communication - and something that over time will get me fine-tuned content because it’s tracking what sports I like and don’t like.

But what does the communication pattern really look like?  It turns out it's a little different. And when I say a little, I mean a lot.

The title of Eurecom's paper seems harmless enough: Taming the Android AppStore: Lightweight Characterization of Android Applications. Characterizing apps in a lightweight fashion doesn't seem like much of a paper worth writing, but this paper is certainly worth reading. The team downloaded 2146 mobile apps and used packet tracing to see what those apps were connecting to. 436 apps were enjoyably boring – they didn't connect to anything.

But the remaining 1710 apps contacted just under 250,000 unique URLs – an average of about 140 URLs per app. 10% of the apps tested connect to more than 500 distinct URLs. The dry comment from the authors about the “winner” for communication:

"We find the app Music Volume EQ connects to almost 2000 distinct URLs. Interestingly, Music Volume EQ is a volume slider app, and not an app that would really require access to the network."

So what does the communication pattern really look like? Here is what it looks like if you were connecting to 500 URLs:

[Image: Atos - Ascent: Mobile Apps]

Another interesting statistic is that 26.8% contact user trackers – companies who exist to simply gather information about you. And 16% of those contact over 100 different trackers reporting on your usage habits.  The winner of this category? If you have Eurosport Player, you'll be telling 810 trackers about yourself when you use it. Keep that in mind the next time you pull out your brand new Galaxy S6 Edge to find out how the NBA Draft is turning out.

What is trust and privacy these days? I must admit, I’m a bit old fashioned. I don’t want to be telling 5 companies what I’m doing all the time, let alone 500. But it does beg the question of what an acceptable number is in the first place. Society doesn’t seem to be spending much time defining what the right number is. At least in Europe there is a right to be forgotten… but next time you think about that Right to Be Forgotten, just remember how many different companies you will have to contact to actually be forgotten… after you find out they exist in the first place.

About Jordan Janeczko

Cloud Strategist at Atos and member of the Scientific Community
Jordan Janeczko is the Cloud Strategist for the Global Systems Integration of Atos and a member of the Scientific Community. After graduating from the University of Illinois in Computer Science, he started working for Siemens in their software division in Vienna, Austria. While there, he has worked on many research and development topics – for example, in 1992 on collaboration software projects for the European Space Agency, and in 1995 on Voice over IP technologies. Staying in the area of new product development but moving to product and portfolio management, in 1999 he started working in the area of the IP-Based Multimedia Subsystem for mobile network providers. Since 2009 Jordan has been helping define and build secure cloud services and cloud integration services, and has been invited as a cloud thought leader to speak at many global cloud events. In the Scientific Community, Jordan is working on Big Data and Cloud Computing, and in GSI he is globally responsible for the cloud computing strategy.