Violating Google’s policy, apps are still collecting device data.


In a report from AppCensus, it’s been determined that 17,000+ Android apps with as many as tens of millions of installs on the Google Play Store have been found to violate Google’s Play Store Advertising ID policy guidance. They’ve done so by collecting persistent device identifiers such as serial numbers, IMEI, WiFi MAC addresses, and even SIM card serial numbers and sending them to mobile advertising related domains alongside ad IDs.

Apps sending non-resettable identifiers besides the ad ID is especially problematic because that effectively removes “the privacy-preserving properties of the ad ID” as explained in the AppCensus report.

This means that even when users are being offered the option to reset the advertising ID, doing so doesn’t translate into getting a new “identity” because there are a multitude of other identifiers being used to keep their tracking and targeting going.

AppCensus’ Serge Egelman also pointed out an incident in 2017 where “it was major news that Uber’s app had violated iOS App Store privacy guidelines by collecting non-resettable persistent identifiers. Tim Cook personally threatened to have the Uber app removed from the store.”

Some of the top 20 Apps highlighted for violating the Google’s policy include some well-known apps such as Angry Birds Classic and Audiobooks by Audible. The link to the full report can be found below.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648


AppCensus Report