A risk assessment of Google Play Store apps and “dangerous permissions” for National Security, Consumer Privacy, and Advertising Fraud
PALO ALTO, Dec. 17, 2019 — Pixalate, a global ad fraud intelligence and marketing compliance platform, today announced the findings of significant research from its latest analysis, detailed in the 2019 Mobile Advertising Supply Chain Safety Report.
The first part of Pixalate’s mobile app analysis zeroes in on National Security, Consumer Privacy, and Ad Fraud risks stemming from apps in the Google Play Store.
Pixalate’s analysis of the over 3.2 million Google Play Store apps — of which over 500,000 support programmatic advertising — includes a deep-dive into foreign-registered apps, including apps from China, Russia, and traditional shell company locations. Our analysts also highlight which “dangerous permissions” app developers request most often.
The 2019 Mobile Advertising Supply Chain Safety Report contains a wealth of insight, split by the potential risks to different audiences. Findings include:
- National Security Risk: Up to 72% of the top 10,000 programmatic-supported Play Store apps in the U.S. are registered in foreign territories, including China, Russia, and traditional shell company locations
- Consumer Privacy Risk: Over 80% of the top apps have “dangerous permissions,” including GPS coordinate access, camera and microphone access, and more
- Ad Fraud (Invalid Traffic) Risk: Over 25% of global programmatic advertising on Android devices is ad fraud (IVT)
“We were surprised to see the majority of top U.S. apps running programmatic advertising registered in foreign countries,” said Jalal Nasir, CEO of Pixalate. “Given heightened national security concerns — coupled with the plethora of private consumer data app developers can access — we encourage advertisers to pay special attention to the data collection, transmission and storage practices of their app partners.”
Pixalate’s 2019 Mobile Advertising Supply Chain Safety Report also contains detailed information regarding the 881,000 apps that were delisted from the Google Play Store from Q1-Q3 2019, including trends surrounding registration information, “dangerous permissions” requested, and more.
The new report comes on the heels of the U.S. government’s decision to open a national security review of TikTok, a popular Chinese app, and the FBI’s announcement that Russian apps will be treated as “potential counterintelligence threat[s].”
Pixalate’s analysis provides advertisers, consumers, and other stakeholders with a transparent look at the state of national security, consumer privacy, and brand safety risks that exist in the Google Play Store app ecosystem. Download a free copy of the 2019 Mobile Advertising Supply Chain Safety Report today.
Pixalate, a global ad fraud intelligence and marketing compliance platform, works with brands and platforms to prevent invalid traffic and improve ad inventory quality. We offer the only system of coordinated solutions across display, app, video, and OTT/CTV for better detection and elimination of ad fraud. Pixalate is an MRC-accredited service for the detection and filtration of sophisticated invalid traffic (SIVT) across desktop and mobile web, mobile in-app, and OTT/CTV advertising. www.pixalate.com
The content of this press release, and the 2019 Mobile Advertising Supply Chain Safety Report, reflect Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry. Any proprietary data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that, opinions, which means that they are neither facts nor guarantees. Per the MRC, “'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other legal proceedings, but rather a custom definition strictly for advertising measurement purposes.
It is important to also note that the mere fact that, for example, an app receives “dangerous permissions” (as defined by Google), appears to be transmitting personal data from the E.U. to countries that have not yet been identified by the European Commission as having adequate privacy safeguards, or is registered in a traditional tax haven country or a country that appears to be receiving heightened scrutiny by U.S. or E.U. governmental bodies does not necessarily mean that such app, or its publisher, is actually exploiting data subjects. Instead, Pixalate is merely rendering an opinion that such facts may be suggestive of heightened risks to data subjects.