Despite Google's clear bans, tens of thousands of Android apps seem to send invariable information about devices to advertisers. This is the result of a study conducted by the independent research institute Appcensus in Berkeley, California. From a database of 24,000 Android apps that query the so-called smartphone advertising ID, the study found that roughly 70 percent of other identification features. Over 18,000 different apps are affected.
The so-called advertising ID should allow smartphone users to receive personalized advertising without at the same time having to hardly transfer all the interchangeable data of the device such as the IMEI serial number, the MAC addresses of the routers or the Android ID (SSAID ). As with browser cookies, if desired, users can reset the advertising ID at any time or typically disable the transfer.
Google wants to tackle the problem now
However, if the immutable identifiers are transmitted in conjunction with the advertising ID, this privacy feature will be compromised. Even a newly generated ID can therefore be clearly assigned to a user. According to the study, famous apps like Clean Master and Subway Surfers, which have been installed more than a billion times, violate advertising policies. "The advertising ID can only be linked to personal data or to the same device IDs as the SSAID, MAC address or IMEI with the explicit consent of the user.", Google asks.
Although Google was already confronted with the survey results in September 2018, the company has not yet answered the question about how this problem should be addressed, said Serge Egelman of Appcensus. The Cnet computer magazine, however, a Google spokesman said: "The combination of advertising IDs with device IDs for the purpose of customizing advertisements is strictly prohibited, we are constantly reviewing apps, including those mentioned in the researcher's report, and we will act if they do not comply with our policies."
However, Google recognized that these activities could only be detected if apps also sent data to Google's AdM advertising network. Outside this network, however, violations could not be detected. Furthermore, it is quite legitimate to transmit, for example, a device ID or Android ID for security reasons. But not for advertising purposes.