Privacy Alert- Data from Google Maps is being shared with third-party servers

Are you an avid fan of Google Maps? And do you use the app for all your day to day transit and shopping needs?

Then there is a high probability that all your personal data such as your destination from where you have started and where you’ve visited can be shared with third party servers by Google.

Yes, you’ve read it right! You mobile phone navigational app can reveal a lot about yourselves to companies with whom you do not like to share any info. This includes personal info like where you live, work, your family residence, friends and acquaintances, where you shop, party, go on a vacation, communication and personal habits.

Thus, with all this info stored on Google Maps app, there is no guaranty that the app does not share this private info with third party servers like marketing firms and spy agencies located in countries like US, UK, North Korea, Russia, China, and France.  

According to a survey carried out by IMDEA Networks Institute, more than 70% of apps are reporting personal data to 3rd party tracking companies like Google Analytics, Facebook Graph API or Crashlytics.

Means, as soon as a smartphone user installs a new Android or iOS app, it asks for the user’s permission before accessing the personal info. The app also displays a pop-up message claiming that it needs to have access to data such as your contacts, images, videos, and such to work properly.

This is where the researchers from IMDEA Networks Institute quote the example of Google Maps as an evidence. In general, the app needs to have your phone’s GPS access to serve you better. But once the app has the permission to collect that info, there is no guaranty that the collected info remains on the server of the app or is not being leaked to any third party servers.

Technically, many mobile apps are written by combining various functions, precoded by other developers or businesses. And this leads to the emergence of third-party libraries. These libraries have the potential to access sensitive data of the user, his/her social media activity & connections and can earn money displaying ads and other features, without having to write them from the root. And there is a high possibility that the apps can share the collected info with online servers or to another company altogether.

It was discovered in the research that more than 598 internet sites will likely track a smartphone user in the United States for advertising purposes, and companies like Yahoo, Google, Facebook, Twitter also join this bandwagon. The research also claimed that the apps share info with trackers which keep a record of the phone number through its 15-digit IMEI number. Then the trackers share the data with marketing companies in the background out of which some could be black hat marketing companies.

Researchers from  IMDEA Networks Institute discovered that
Alphabet, the parent company of Google uses the data related to its Android phone users for marketing purposes. It simply shares the data with domains such as Google Analytics, Admob, Double Click to boost its AdWords campaign.

Narseo Vallina-Rodriguez, the Assistant Professor carrying out the research at IMDEA Networks Institute concluded that there’s nothing we can do when the apps installed on our smartphone share the data with third-party servers. It’s simple if we try to disable them forcibly, they fail to perform and if we allow them to do their work, they start triggering a privacy alert.

On a lighter note, the researchers say that paid apps tend to contact fewer tracking sites and often ignore the request of third party servers for data share.

But there is no guaranty that this practice always exists in reality.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display