Highly relevant study on how 24,000 out of 570k identified free Android and iOS apps transmit personal data to third-party companies shows a massive failure of GDPR enforcement. By @KKollnig, Anastasia Shuba, @RDBinns et al, based on code+traffic analysis: arxiv.org/pdf/2109.13722…
@KKollnig@RDBinns Examining also iOS apps is very worthy. Third-party tracking in iOS apps is notoriously underexamined because more difficult than in the Google ecosystem.
However, important to consider that the data is from 2020, and thus from *before* Apple introduced the IDFA request stuff.
The 'Advertising ID' is a device identifier controlled by Google/Apple that points to the person using a phone. Thousands of companies use it to track, follow and profile everyone.
55.4% of Android apps and 31% of iOS apps shared the so-called Advertising ID with third parties.
As soon as the AdID is being transmitted, everything else that is transmitted (all kinds of behavioral data) is clearly personal data and exploited to link profile data across the industry.
So, I wouldn't say that Apple/iOS was equally bad as Android in 2020, but still very bad.
Google & Apple are responsible:
"Since the platforms take a share of any sales through the app stores (up to 30%), both Apple and Google have a natural interest in creating business opportunities for app publishers, and letting them collect data about users to drive such sales"
So, which companies did the examined apps share data with?
Mobile platform operators Google and Apple. Facebook, Microsoft, Amazon, Oracle, Salesforce/AppsFlyer, children/games tracking firm Unity, and many other data harvesting companies based in the US, in Russia and in China.
Not all data sharing with third parties is equal.
G, FB and others create extensive personal profiles on billions based on data shared by apps. Apple's profiling, to my knowledge, is less extensive.
Anyway, both large platforms and myriads of smaller data firms are problematic.
I would have expected that children's apps are at least a bit less contaminated by unscrupulous tracking by third-party companies, but no.
On Android, even *more* children's apps were observed to share the Advertising ID compared to all examined apps (59.3% compared to 55.5%).
The analysis of third-party libraries embedded in apps may include companies that receive not very extensive personal data.
On the other hand, the paper only examined how apps shared data *before any user interaction*. The numbers would be much higher after pseudo 'consent'.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
The DPC's draft decision about the 2018 NOYB complaint against FB largely reads like Facebook defending itself against the complaint.
Even without considering off-platform data, FB processes personal data on hundreds of millions of Europeans at an EXTREME scale/depth/velocity.
The decision argues this the 'very nature' of FB's service and can thus be part of a 'contract' with the user. noyb.eu/sites/default/…
(actually, as far as I can see, the investigation of Facebook's personal data processing activities and in-depth legal assessments of each of those data processing activities was not part of the investigation that led to the draft decision)
"Eine neue Studie zeigt, wie Digitalisierung ganze Arbeitsprozesse reorganisiert und zu immer mehr Kontrolle führt"
@shroombab über rigide digitale Kontrolle im Außendienst, Überwachung mit Microsoft 365 & Socialcredit-Bewertungssysteme in der Büroarbeit: futurezone.at/netzpolitik/mi…
@shroombab Hier ein Überblick über das erwähnte Fallbeispiel aus AT, das auf Basis von Interviews mit BetriebsrätInnen eindrücklich zeigt, wie das Smartphone durch digitale Dokumentation und Vorgabe von Arbeitsschritten die Wartung von Anlagen verändert hat.
Besonders perfide: Die Kundenfirmen, die die Anlagen betreiben, wollen immer mehr Daten über durchgeführte Wartungstätigkeiten. Ein Wartungsbetrieb bietet nun Echtzeit-Zugriff auf Daten der WartungsmitarbeiterInnen als Zusatzdienst.
Meine Studie zu "digitaler Überwachung und Kontrolle am Arbeitsplatz". Welche Technologien gibts und wie nutzen Unternehmen Daten über (und gegen) Beschäftigte? Eine Bestandsaufnahme mit vielen Beispielen: crackedlabs.org/daten-arbeitsp…
Ein Ergebnis ist diese "Landkarte" betrieblicher Datenpraktiken und Systeme, die einen Überblick darüber gibt, welche Software in Unternehmen welche Arten von Beschäftigtendaten zu welchen Zwecken verarbeitet.
"Mit Software können Unternehmen jede Tätigkeit ihrer Mitarbeiter verfolgen"
@DIEZEIT hat einen Exklusivbericht, Schwerpunkt auf Produkte für die Analyse "betrieblicher Abläufe" und IT-Sicherheit, die exzessive Daten über den Arbeitsalltag auswerten [€]: zeit.de/2021/38/ueberw…
A hundreds-of-billions $ industry including the largest tech giants has been lying to the public and to people for years by claiming that all the personal data harvested from smartphones, apps and other devices would be 'anonymous'. It's not and never was: vice.com/en/article/epn…
So-called 'advertising IDs' are linked to specific smartphones or other devices, and thus have always been 'pseudonymous' personal identifiers.
As @josephfcox's article shows there are companies who openly sell the corresponding names, postal addresses, phone numbers, and more.
But even if there is no name, advertising IDs are not 'anonymous'.
In most cases, it doesn't matter if data is tied to a name or not. With pseudonymous IDs, companies can perfectly track, follow and act on individuals over time, across the digital world. crackedlabs.org/en/corporate-s…
"Zu Schichtbeginn wissen die Fahrer*innen nicht, wann und wo ihre Pause sein wird ... Der Algorithmus teilt es ihnen dann mit, wenn es gut passt"
Automatisiertes Management beim VW-Ridepooling-Dienst Moia. Ein Betriebsratskandidat wurde gekündigt: taz.de/Arbeitsbedingu…
Jede kurze Pause muss im digitalen System "beantragt" werden. Moia hat gegenüber den FahrerInnen betont:
„Es ist wichtig zu wissen, dass solche Unterbrechungen nur im Ausnahmefall vorgenommen werden können, weil diese den laufenden technischen Betrieb in extremer Weise stören“
Falls vom System genehmigt, werden die kleinen Pausen aus der bezahlten Arbeitszeit herausgerechnet. Im Nachhinein kann für Toilettenpausen ein Antrag auf Erstattung gestellt werden, für die Antragstellung sind 2 Minuten Arbeitszeit vorgesehen.
In Jan 2020, Google announced it will 'phase out' Chrome third-party cookies and thus opaque marketing surveillance across hundreds of thousands of companies.
Now it says it may do so in 'late 2023'. It should have done so many years ago. Mobile is even worse.
Google is evil.
Actually, Google co-created today's broken digital economy based on data exploitation across myriads of *other* companies. It made billions and billions of it.
Under its shiny surface, Google has turned the digital world into a surveillance hell, and it will continue to do so.
...unless we, as a society, stop it, through political and legal measures.
It's not that I didn't expect Google to further delay blocking third-party cookies in Chrome.
I hope that (EU) regulators and public-interest litigators didn't already completely stop addressing them.