The Targets of Mobile Apps: Your Health, Your Ancestors, and Your Baby

Researchers at Yale Privacy Lab analyzed the existence of a hidden economy of trackers packaged into many of the most popular apps in Google Play.

Dec 14 2017, 3:30pm


Michael Kwet and Sean O’Brien are Visiting Fellows at Privacy Lab, an initiative of the Information Society Project at Yale Law School. Contact them securely.

By now, we’ve all heard creepy stories about predictive analytics. Your purchase patterns tell retailers a lot about you, with Target famously outing a teenage girl’s pregnancy to her father in 2012. Since then, we haven’t heard about many new, even creepier ways marketers are tracking us.

Our smartphones give advertisers a trove of data about us, often “volunteered.” Why would retailers guess anymore when we hand over our most personal treasures?

You don’t have to dig too deep into app stores to find cogent examples. The Pregnancy+ and Baby+ apps, for example, encourage users to input a full range of intimate pregnancy details (alongside their shopping list, of course). The apps provide parent company Philips, of the Norelco shaver brand, the baby’s due date and gender, as well as the app user’s name, gender, photo, location, email, relationship to baby, weekly notes, and diary entries.

As we travel through our lives, smartphones in pocket, we are building detailed data profiles. When we install an app, we're not informed about the potential consequences of this surveillance. Some day, our digital "shadows" may affect our insurance rates, our credit, and the opportunities of our children.

As researchers at Yale Privacy Lab, we analyzed the existence of a hidden economy of trackers packaged into many of the most popular apps in Google Play. For a few years, app developers have been packaging these trackers for the purposes of targeted advertising and data analytics. Researchers at Exodus Privacy in France provided us the information, and developed software to scan apps for trackers and app permissions.

Using privacy software developed by Exodus, we discovered that by using clandestine app trackers, third parties are collecting and analyzing data entered into a wide variety of Google Play apps, including Pregnancy+ and Baby+.

The Pregnancy+ app has over 5 million downloads, while Baby+ has at least 50,000. They use cookies and “other technologies” to identify and track users.

Those other technologies include trackers from Facebook, Yahoo! and Google. The trackers are “SDKs”, or “software development kits,” bundled into apps that gather data about users and track their behaviors. Philips permits these companies to collect data about in-app use, and to analyze it for advertising and usage reports.
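How a scanner can spot SDKs like these inside an app package, shown as an added example that is not code from this article or from Exodus Privacy: it reads the class names stored in an APK's `classes*.dex` files and matches them against vendor package prefixes. The prefix list and the sample file are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Illustrative package prefixes (dex descriptor form) for vendors the article
# names; an assumption, not Exodus Privacy's signature list.
TRACKER_PREFIXES = {
    "Facebook SDK": b"com/facebook/",
    "Google Analytics": b"com/google/android/gms/analytics/",
    "Flurry (Yahoo!)": b"com/flurry/",
    "Adobe Mobile": b"com/adobe/mobile/",
    "AppsFlyer": b"com/appsflyer/",
}

# Class names are stored in dex files as type descriptors such as
# "Lcom/example/Foo;", so a byte-level scan finds them without a dex parser.
DESCRIPTOR = re.compile(rb"L((?:[A-Za-z_$][\w$]*/)+[\w$]+);")

def scan_apk(apk):
    """Return {tracker: sorted class names}; `apk` is a path or file object."""
    found = {}
    with zipfile.ZipFile(apk) as z:
        for entry in z.namelist():
            if not re.fullmatch(r"classes\d*\.dex", entry):
                continue
            for m in DESCRIPTOR.finditer(z.read(entry)):
                cls = m.group(1)
                for name, prefix in TRACKER_PREFIXES.items():
                    if cls.startswith(prefix):
                        found.setdefault(name, set()).add(cls.decode().replace("/", "."))
    return {k: sorted(v) for k, v in found.items()}

def build_sample_apk():
    """Constructed stand-in for an APK: a zip holding a fake classes.dex blob."""
    blob = (b"dex\n035\x00" + b"\x00" * 8 +
            b"\x1bLcom/example/baby/Diary;\x00"
            b"\x20Lcom/flurry/android/FlurryAgent;\x00"
            b"\x22Lcom/appsflyer/AppsFlyerLib;\x00"
            b"\x25Lcom/facebook/appevents/AppEventsLogger;\x00")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", blob)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for tracker, classes in scan_apk(build_sample_apk()).items():
        print(tracker, "->", ", ".join(classes))
```

A match shows only that the SDK's code ships inside the app, not what data it sends; obfuscated or renamed packages will be missed by prefix matching.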

Perhaps the most personal data in these apps is health data. This includes personal notes from doctor visits, mother and baby’s weight, blood pressure, fetal heart rate, date of the appointment, and the name of the health care provider. The list goes on and on: baby kicks and contractions, vaccines, breastfeeding, and much more.


According to its privacy policies and those of its third-party advertisers, Philips shares data with third-party marketers to analyze as it sees fit. Because even anonymized data can be easily tied to an individual when correlated across datasets, any pretense of privacy is out the window, for mother and baby. Detailed information about app usage, which includes entering information about babies in utero and during early development, is fed into the Philips corporate database. They then share your “usage” with third parties for advertising and analytics. Philips isn’t shy about this: It mentions tracking software from Amazon, Facebook, Yahoo!, and Google in its privacy policy.

Why is this a problem? As Cathy O’Neil observes, Big Data can separate the healthy from the sick. “The better we get at predicting and treating, say, diabetes,” she notes, “the better private insurance companies will get at charging people for their future diabetes care.” With the amount of data sloshing around between “parties” in the background, there is every reason to worry about ramifications for insurance, or even employment.

Interestingly, advances in big data analytics make use of data seemingly unrelated to medical conditions. Mason Marks, one of our colleagues at the Information Society Project at Yale Law School, has termed this Emergent Medical Data: “Using the same technology that brings you personalized advertising, platforms can piece together disparate scraps of data, which would not ordinarily be considered health information, to create a detailed picture of your physical and mental health.”

The plethora of data being sucked out of health apps by third parties includes both sensitive medical and seemingly benign data, straight from health and fitness apps.

CareZone’s mobile app helps users manage their medications in “a single list” that includes “medications, dosages, refill information, and prescribing docs.” It helps track “important health vitals” such as blood glucose, sleep and weight, and organizes contacts like doctors, pharmacies, insurance and family. Journals, calendars, photos, to-do lists, and notes are features inside the app.

CareZone “promises” your info is “private and secure.” However, their privacy policy does not mention they inserted advertising trackers that perform big data analytics, identify and profile users based on non-personally identifiable data, and track detailed location coordinates. Yet we found these trackers in our analysis.


Similar practices extend to pharmacies and health insurance corporations. Exodus revealed multiple trackers in the CVS/pharmacy mobile app. Aetna Mobile offers services that contain medical claims, health records, disability support, and balances. Their app includes trackers from Google and Adobe.

What about fitness and diet apps? They, too, have joined the tracker train. Under Armour’s Calorie Counter app has over 50 million downloads, and multiple trackers to count calories alongside you. Its Run with Map My Run has several ad trackers running by your side, as does Map My Ride. Runtastic and Planet Fitness also let marketers join your workout, according to our analysis.

Perhaps the most brazen offender is Ancestry’s mobile app, AncestryDNA. This app allows you to categorize your “unique ethnic mix” based on regions and migrations, and discover DNA “relatives” who share your AncestryDNA test results. It provides services that “involves the collecting, processing, storing and sharing of personal information,” so it wants to “ensure that this is done in a responsible, transparent and secure environment that fosters your trust and confidence.”

Personal data collected includes name, contact and payment info, genetic information, as well as your background, interests, and family.

While Ancestry does not share personal account information, it does share non-personally identifiable information (non-PII), which it may use “for any purpose, including sharing that information with the Ancestry Group Companies and with other third-parties.”

As part of its “responsible, transparent, and secure environment,” AncestryDNA also includes the Adobe and Google tracking experience—something it does not notify or educate users about. The Exodus platform identified clandestine Google and Adobe trackers that collect and analyze data based on individualized and group profiles for targeted advertising.

Another popular ancestry and DNA app, MyHeritage (1 million+ downloads), also plays this game: its app includes at least six trackers. Personal information is not sold or shared, but they can use non-PII “for any purpose.” What MyHeritage deems “non-personal” information is vague, open-ended, and supposedly not identifiable. Yet it incorporated the AppsFlyer tracker, which features a proprietary mobile attribution service, NativeTrack. Using Android device IDs and fingerprints, NativeTrack can identify individual users across multiple devices (such as a smartphone, laptop, and desktop). MyHeritage users are completely in the dark that these trackers even exist.

People are feeding apps their most intimate secrets. Companies now have data about babies before they are even born. They literally have our genetic makeup on file, as payment for attempting to learn about our heritage. App makers promise transparency up front, but cash in through the back door. The data gathered today via our smartphones could very well shape the lives of our children, as we race toward this "Brave New World."