Android App Privacy Graded on New Online Report Card from CMU

Nov 17, 2014

More than half of American adults have a smartphone. With those smartphones come a variety of apps one can download — either free or purchased. As privacy concerns continue for many Americans, a new project out of Carnegie Mellon University seeks to shed light on how personal information is used by Android apps, namely the free ones.

“One of the problems we’re facing with all these smartphone apps is a lot of them are actually collecting a lot of personal data about us, and it’s often very surprising to people when we, as researchers, tell them what’s going on with these apps,” said Jason Hong, associate professor in the Human-Computer Interaction Institute at CMU.

What is surprising, said Hong, is which apps are using personal information.

“Most people don’t expect Fruit Ninja to use location data, and in reality it does,” he said, “so there’s a big gap between peoples’ expectations and reality. We call that a privacy problem. But in contrast, if we tell people Google Maps uses location data, no one is really surprised because it’s sort of obvious, so in that case the expectations match the behavior, so we don’t consider that a big privacy problem.”

PrivacyGrade.org analyzes behaviors of smartphone apps and also tries to capture peoples’ level of surprise about them. It then gives the apps a letter grade from A+ to D.

“With A+, what that means is that it doesn’t collect any kind of personal data about the individual user, so it doesn’t use location data or contact lists of anything else,” said Hong, “whereas the ones with lower grades are using a lot more of your personal data, often in ways that are surprising to people.”

Some of the apps to score an A+ or A are the game Lazors, Instagram and YouTube. In the middle, Snapchat scored a B, Angry Bird a C and at the bottom, Fruit Ninja and Words with Friends each scored a D. Hong said the purpose of the site is mostly to raise awareness both for users and developers.

“If we can help improve the user interfaces for these apps, if we can help the developers do better, then maybe also help the Android and iPhone ecosystem present better kinds of interfaces, then I think we can really start addressing a lot more of these privacy problems that way people won’t be having these nasty surprises,” said Hong.

Free apps have to generate revenue somehow, which is often where data collection comes into play, but Hong said, it might help users if that were more clear on certain apps. The website currently grades only Android apps, but Hong said grading of iPhone apps is likely to come in the future.