A new study say that the free apps and web-based services that are downloaded on Android or iOS devices may have in turn leaked personal information, including names, gender, phone numbers, and email.
For the study, researchers investigated the degree to which each platform which includes advertisers and data analytics companies that these services rely on for finance, leaks personal identification information (birthdates, locations).
The findings showed that both apps and websites leaked personally identifiable information to varying degrees.
"We expected that apps would leak more as they have better and direct access to this information. Overall that's true," said Assistant Professor David Choffnes, at Northeastern University in Massachusetts, US.
He also said that typically apps leak "just one more identifier than a website" for the same service.
"In fact, we found that in 40 percent of cases websites leaked more types of information than apps," Choffnes added. Researchers also found that these services would send encrypted passwords to a third party due to a bug, for authentication purposes or for identity management.
"The reasons for the intentional leaks are legitimate, and I'm sure that the services have appropriate agreements with the other parties to protect the passwords," Choffnes said. He added, "Users have no idea that their passwords were being sent to other parties."
Users can select from a drop-down list of the services included and also the operating system they used either Android or iOS. Next the users are asked to rate various types of personal information, from their birthdates to their devices' unique identifier information that they mostly prefer to keep private.
"Then, automatically, the site generates two leakiness indexes for the service selected a sky blue bar for the app version, a lime green one for the web and recommends the best platform for that particular user," the researchers said.
Choffnes hopes that the study would start a dialogue between consumers and online services about the kind of information that should be collected - balancing the services' revenue needs with consumers' privacy needs. The results will be presented at the 2016 Internet Measurement Conference, in Santa Monica, California.