Tracking the Trackers
Automated scanning for spyware in mobile applications
F-Droid is a free software, community app store that has been working since 2010 to make all forms of tracking and advertising visible to users. It is the trusted name for privacy in Android, and app developers who sell based on privacy make the extra effort to get their apps included in the F-Droid.org collection. These include Nextcloud, Tor Browser, TAZ.de, and Tutanota. Auditing apps for tracking is labor intensive and error prone, yet ever more in demand. Our tools already aid F-Droid contributors in this process. This project creates new tools that use machine learning to drastically speed up auditing by augmenting human review. Since the prime motivation of the F-Droid community is ethical software distribution, algorithms will never replace humans in making ethical decisions. We will also explore using machine learning to detect tracking in a more generic way, without requiring manually compiled lists of key information. The resulting tools will be generally available for any use case needing to reliably detect trackers in Android apps. This builds upon our collaboration with Exodus Privacy and LibScout.
- The project's own website: https://f-droid.org/en/2017/12/14/new-collaborations-on-exposing-tracking.html
Why does this actually matter to end users?
Everyone knows there is no such thing as a free lunch. But when you are browsing through an app store, it sure looks like there is a wealth of free apps. Software companies have learned that users can put up with in-app advertising and data tracking as long as the app works relatively well (and the ads don't last too long). But what if a user doesn't want to be followed and profiled? Or what if the user is underage? In a user-centric internet, you should be able to choose. F-Droid is a necessary alternative to proprietary app stores, one that instead focuses on free, open source software that respects user privacy. So-called 'anti-features' like advertising, tracking and software dependencies on nonfree technology are clearly flagged and marked in app descriptions. This way users can make informed choices about what software they put on their phone and be sure they are not tracked without their knowledge.
Any privacy-friendly and transparent alternative to proprietary digital spaces is fundamentally built on trust. Users rely on the community behind F-Droid to rigorously audit the software in the app store and make sure no hidden tracking and profiling features are sneaked in. As the offering on F-Droid grows, auditing becomes more taxing and time-consuming for the community, and new apps may end up in the app store that do not meet F-Droid's ethical requirements, which can turn off users. This project helps speed up the review process, without fully automating it. New machine learning tools can quickly identify tracking and advertising technology in Android apps so an auditor can focus on making informed decisions, instead of having to do a lot of manual searching. Ultimately this will help keep F-Droid free of (hidden) tracking and advertising in apps and remain a trustworthy, user-centric and privacy-friendly app store.
Run by Guardian Project
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.