There’s no easy way to end illicit data sharing by apps because the ecosystem is so murky. “It’s like data laundering – ad networks as willful clearing houses for nefarious publishers.” “Bad information is collected and syndicated at scale through ad networks,” he said. GDPR doesn’t touch the digital ad ecosystem’s “chain of custody issue,” Simmons said. “Invariably, they can never answer me,” Greiner said, “which leaves me to believe that they’re very rarely asked where they get the data from.” Greiner always makes a point of asking the salesperson how the data they’re peddling was obtained and what’s in it.
Protected Media is regularly approached by companies offering to sell data or social graphs. If an app doesn’t care about draining a user’s battery or slurping up their data plan, “it’s safe to assume that data protection is low down on their list,” said Greiner, noting that most ad fraud is uncovered because of the bite it takes out of advertising budgets, while the privacy violation aspects “remain under the radar.” In some cases, developers harvest personally identifiable information from app users to share with advertisers, which advertisers might find useful but also represents a violation of GDPR.
#Harvest app developers code#
To be fair, the GDPR was created to unify privacy laws for the collection and processing of personal data across EU member states, not to tackle ad fraud.īut the lucrative nature of ad fraud is a primary motivator behind shady data collection and non-permissioned data sharing.Īnd some of the worst GDPR violators are app developers that monetize by adding third-party code and SDKs to their apps without understanding the implications, said Asaf Greiner, CEO and founder of Protected Media, a provider of anti-fraud technology. Around 30% of the data calls transmitted to and from devices are encrypted and when fraudsters enter the picture, they usually use transitory domains to obscure their actions, including data harvesting. “The regulation exists, but is there a body in Belgium looking at the mobile ecosystem to try and determine which calls from a device are legitimate or not – hell no, that’s not happening,” said Grant Simmons, head of client analytics at Kochava.īut even if there was, this stuff is hard to catch by design, Simmons said. Nearly 60% of apps sent advertising IDs to a remote endpoint at least once either directly or through a third-party SDK, regardless of where the users were located or whether they’d given consent.Īpps often presented users with a consent notice screen and then ignored the user’s choice, transmitting the data regardless of the user’s preference. In a recent test conducted for AdExchanger, mobile analytics company Kochava examined the behavior of the top 2,700 apps in the Google Play store in the United States compared with France, where GDPR applies.ĭespite a small drop in the average number of network requests coming per app in France, which was to be expected, there was no discernible difference in the prevalence of data transmission between regions. Unauthorized data harvesting from mobile apps has continued nearly unabated in the year since Europe’s General Data Protection Regulation came into force last May.
#Harvest app developers windows#
The front door may be locked, but the basement windows are wide open. While good-acting companies knock themselves out trying to comply with data protection and privacy laws, and regulators debate the minutiae of cookie consent policies, bad actors simply couldn’t care less.
0 kommentar(er)
