Selecting a group of 50 of the most popular free services online with equal functionality in both the app and the website, the researchers compared the data leakage of information that could be used to identify a user from either platform. Being sure to sample from a variety of industry categories--including business, news, shopping, music, and even weather--the team would log in as if they were a regular user before tracking how their information is shared by the site to advertisers and data analytics companies.
So, between mobile apps and web-based services, which leaks more of a user’s information? According to research team member and assistant professor David Choffnes, that depends.
Choffnes stated that the team expected applications would leak more information by their more direct access to it. While their findings do support that hypothesis somewhat, the margin was much closer than they expected. In 40 percent of their tested cases, the website version of a service or function would share a greater variety of information with outside parties than the apps would.
The type of information shared also varied based on the platform a user chose. Websites, for example, would share the user’s name and location, while apps were far more likely to share a device’s unique ID number. Together, the app and website could collect a fairly comprehensive profile on the user, much to the surprise of the research team.
While there are legitimate reasons for these services to share out their information, the research team is concerned that the users are unaware of where their personal information is going, as many believe that their information is being held solely by the service they provide it to. However, the team hopes to spread awareness of credential and information sharing, and has even provided an online report of what information is leaked by particular apps, as well as an online tool to determine which method of accessing a service, the app or the web page, is the more secure option.
Information is an incredibly valuable and sensitive asset to a business, so it is best to know just where your information is going.