Personal data included users' GPS location, IP address, gender, age, birth year, Advertising ID, GPS coordinates, country, age segment, list of installed apps on phone, Wi-Fi Access point information.
At least ten Android apps including dating apps like Grindr, OkCupid and Tinder are transmitting user data to third parties without consent, Norwegian Consumer Council has revealed in a report. The apps appear to violate the European Union's General Data Privacy Regulation (GDPR), which aims to protect people's personal information online, the report noted. We take a look in detail everything to know:
Which apps shared personal data of users?
Apart from Grindr, OkCupid, and Tinder, makeup app Perfect365, period tracker app MyDays, Clue, Wave Keyboard, Happn, Muslim: Qibla Finder, and My Talking Tom 2 were found to be sharing personal data of users with third-party advertising companies.
What kind of data was shared?
Personal data included users' GPS location, IP address, gender, age, birth year, Advertising ID, GPS coordinates, country, age segment, list of installed apps on phone, Wi-Fi Access point information. OkCupid shared more sensitive information such as sexuality, drug use, political views and more, according to the report.
"None of the apps provided the information necessary for the consumer to make an informed choice when launching the apps. Furthermore, we found a near complete lack of in-app settings to regulate or prevent the sharing of personal data with third parties," Norwegian Consumer Council pointed in its 'Out of Control' report.
Which third-parties are involved?
As per the report, the data from these apps were sent to at least 135 different advertising companies including big names like Google’s advertising service DoubleClick and Facebook. In the case off Grindr, Twitter's adtech subsidiary MoPub was used to share personal data with major advertising third parties like AppNexus and OpenX. OkCupid shared highly personal data with analytics company Braze.
Specifically, eight of the apps sent data to Google's DoubleClick, including Happn, Muslim: Qibla Finder, and My Days, whereas nine apps shared personal data with Facebook. These include Clue, Happn, Muslim: Qibla Finder, My Talking Tom 2, OkCupid, Perfect365, Tinder, and Wave Keyboard.
How is users' personal data being used?
The advertising companies harvested this data to track behavioural profiling of users and generate "comprehensive profiles on individual consumers" for target advertising. The report explained that the data from users help advertising companies increase their profit revenues by targeting consumers with "precisely the right message at the right moment".
Should you be worried?
Most apps listed in the report are highly popular with millions of installs on Google Play Store. For instance, both Grindr and Clue have been installed more than 10 million times. Tinder and OkCupid by Match Group have more than 100 million and 10 million installs respectively on the Play Store. Given the sheer large number of users, their data being exposed can potentially be caused to commit fraud attempts or even exploited by hackers in case of data breach.
However, Norwegian Consumer Council pointed out in its report that there is an overarching lack of transparency given consumers are not given enough information to choose whether they accept being tracked and profiled. "If the consumer does not want their apps to transmit personal data to commercial third parties, the only option is often not to install the apps in the first place," the report read.