Research on privacy of government mobile applications

The Information Culture Project has published the results of a study of privacy in 44 mobile applications used to access services of state and municipal bodies, government agencies and state corporations. Key findings:

• All applications request at least 5 permissions to access device data and functions. At the same time, each application from the sample uses at least one potentially dangerous permission, of which they most often request read and write access to external data storage (38 applications), access to the exact (34) and approximate (25) location, camera (33) and obtaining information about the device (10). Nine applications request access to phone calls, five – permissions for recording sound from a microphone, two applications – access to the device’s address book. In total, 88 unique permissions were requested by all applications.
  
• Revealed the use of 20 different third-party built-in trackers that are not related to their developers and authorities. 39 (88%) out of 44 studied applications have at least one built-in third-party tracker that transfers data to third parties. 19 applications (43%) transfer data to at least three third-party companies that control the work of trackers (in most cases, Facebook and Google trackers are used).
  
• Only 5 applications (USR REGISTRY OFFICE, Gosuslugi.Dorogi, Lipetsk region, HISTARS, Work in Russia) did not use any third-party tracker. By the number of trackers, the leaders are the applications “Moscow Transport” and “My Documents Online”, which use 10 and 9 different trackers.
  
• About half of trackers used in government mobile applications are of an analytical type. 15% of trackers collect location data, another 15% collect information for advertising and marketing purposes.