We are being watched every time we use our smartphones or a free mobile app without our permision. Mobile OS and app developers use data collection tools to take our personal data and whatever they want with it. Basically, they are spying on us. So, could these tools be considered a malware? What do they do with this information? Is it legit? In this post we will be answering these questions.
Understanding the impact of data collection
In 2018, Oxford University researcher published a paper titled “Third Party Tracking in the Mobile Ecosystem” in which they check 959,000 apps from the US and UK Google Play stores to determine if our personal information is at risk when using them. And they found out that a wide variety of data about our personal information and behaviour when using most of the apps is shared with around 10 third parties. And even one out of then apps that were analyzed send data to trackers located in more than one country.
Generally speaking, all of this data is collected and gathered by different companies, such as Alphabet’s Google Analytics for Mobile Apps, Facebook and other unknown companies such as Flurry (this company’s software will be revised later on). Then all of this data is shared with big tech companies such as Alphabet, Verizon, Telefónica, Facebook, Microsoft, AT&T, Twitter… with surely will be selling this information to other third companies of all kind.
And the range of data that is collected from out smartphones is enormous: all kind of information about the hardware and software of our smarthpone such as the OS, the battery level, the ambient temperature, the smartphone brand and model, the WIFI connection, etc and of course information about the user such as the age, mobile behaviour, gender, geolocation, mobile network provider, usage of the Internet, installed apps, and much more.
In other words, it can be said that we are monitored in real time without our permision, and companies use all of this collected information for different purposes: some sell this information to other third companies like advertisers while others will use it to know better their business and clients and offer better services / products. In other words, data implies money, profitability, earnings and revenues.
But, how is our data collected? As we said, there are companies that are dedicated to this task, and this is the case of our example. Flurry Analytics is an SDK developed by the American company Flurry. This company founded in 2005 provides mobile analytics, monetization, and advertising services.
Flurry Analytics is very similar to Google Analytics, since both share the same purpose: offering statistics services for free. But there is one main difference: the first is used on mobile devices while the second is used on websites. But this tool stands out for being much more effective that Google Analytics, since it turns out to be much more intrusive at capturing information. This allows obtaining much more detailed information about the user and their relationship with the mobile application. Among other usage data, we can observe information as interesting as the number of people who use a certain application, how many times a day, the geographical areas of each new user, the type of mobile and the operator from which the application is launched, if there were errors and much more details.
From the point of view of the application developer or programmer, it should be mentioned that Flurry Analytics is nothing more than a lightweight library. It occupies around 100KB on Android and 400KB on iOS, and it allows collecting statistical data from the moment the application is opened. And this functionality will be active until the app is stopped or closed. Its simplicity and ease of implementation is such that it can be used with just three lines of code.
This service supports and is compatible with Android, iOS, Windows Phone and BlackBerry RIM operating systems, as well as with JavaMe applications. It has to be mentioned that this service is free. Flurry is indeed the only professional-grade mobile app analytics platform that’s completely free. In addition, currently it also offers a service to provide application developers the possibility to incorporate ads in it, and this platform is responsible for this functionality.
A legit software or a malware?
Once we have seen the case of Flurry Analytics, is it possible to say that this type of software is indeed a malware? This service is used by multiple companies to be able to collect the greatest amount of statistical information from their users and, as a consequence, use it when making decisions. However, not every developer uses it with the same intentions. And, although its real purpose is statistical, deep down it could also be considered intrusive code.
In any case, whatever the final goal of the programmer, this function is executed at all times in which the application is used, without the user having the least knowledge of it. So, in a certain way, it does not respect the user privacy. In fact, it is not even mentioned anything about this at the time of the app’s installation.
The intrusive capacity of this tool is remarkable. Therefore, it can be concluded that this service threatens the security of the user’s personal information. Therefore, in some way it could be classified as malware, because the user’s personal information is under the control of the application.