Just four apps are enough to learn who a user is, even when anonymized.
Just a handful of apps installed on your phone can reveal much more about you than you may realize.
A study from the French Institute for Research in Computer Science and Automation found the majority of mobile phone users can be re-identified in a dataset by as few as four of the apps they had installed on their smartphones, raising privacy concerns as platforms increasingly share app data with advertisers.
The research, which was published in October of last year but has been re-circulating in recent days, analyzed data collected from 54,893 Android users over a period of seven months. The study found that any four apps selected at random can be used to re-identify a user in a dataset more than 95 percent of the time; a full list of installed apps can identify a user 99 percent of the time; and even just two apps could be used to re-identify a user in a dataset with a probability of 0.75.
A simple list of apps can also show a lot more than just who a user is. In addition to making it possible to re-identify a user in a large data set, a profile of installed apps easily predicts a user's lifestyle and habits, including traits like religion, relationship status, spoken languages, countries of interest, and whether or not the user is a parent of small children.
The findings raise privacy concerns as apps like Twitter and Facebook have begun to share the profiles of apps used with advertisers and as large data breaches leaking massive troves of user data at once become a growing threat. Researchers in the study found even if the list of apps is pseudo-anonymized, with identifiers like app names removed, easily accessible machine learning techniques can determine user traits and identify a user in a dataset.
"We believe that this is a real privacy threat to smartphone users (both Android and iOS) today as apps running on these OSs can access the list of installed/running apps," the researchers wrote.
They noted that Android apps don't require any additional permission to access the entire list of installed apps on a device. Although Apple does not allow iOS developers to access all installed apps, a platform can obtain a list of currently running apps at any time and by frequently scanning them quickly generate a list of all installed apps.
"Since people are unique in many different known and unknown ways, preserving the privacy of mobile users is very challenging," the study concluded. "New protection measures need to be devised."