Which would you guess offered more privacy and security - an app or the mobile version of a website?
Four researchers at Northeastern University have recently conducted a study across 50 free, online sites to determine which one ranked higher in terms of privacy.
The question boils down to personally identifiable information (PII) these different versions are gathering on a user - and how much of it they are sharing with third parties.
Their overall conclusion was that mobile sites leak information 40% more of the time than apps do. What are they sharing? Mostly your location, name, gender, phone number, and email address. However, apps can spill more unique identifiers specific to your device.
Even though their findings show that mobile sites are leaking more information, the answer to their question is, “it depends,” says David Choffnes, a mobile systems expert from Northeastern University. “We expected that apps would leak more identifiers because apps have more direct access to that information. And overall that’s true. But we found that typically apps leak just one more identifier than a website for the same service,” he says in a press release from the school.
The most concerning piece of information being leaked are passwords. The researchers found that in certain instances, passwords were being sent to third parties for authentication or identity management purposes.
“The reasons for the intentional leaks are legitimate, and I’m sure that the services have appropriate agreements with the other parties to protect the passwords,” says Choffnes. “But the practice still raises an important issue: Users have no idea that their passwords are being sent to another party.”
Even though a definitive answer couldn’t be reached, the researchers are hoping their study becomes a call to action to increase awareness about user privacy. They developed a site that maps how much information the 50 online services are sharing, based on user preferences.
"There's no one answer to which platform is best for all users," says Choffnes. "We wanted people to have the chance to do their own exploration and understand how their particular privacy preferences and priorities played into their interactions online."