The Houseparty video chat app has been a lifeline for many people during the COVID-19 crisis. But the resulting increase in people using the app inevitably leads to questions about its security and privacy.
Despite rumors of a cyber attack, Houseparty’s security seems quite solid. But what about the privacy of the video chat app? A closer inspection of the Houseparty iPhone application shows several trackers and data collection that you probably don’t know about, according to a privacy review performed by the iOS and Mac app Lockdown.
The Lockdown team did the Houseparty privacy review as part of a series of reviews of popular iOS apps.
224 tracking attempts within five minutes after using Houseparty
After accessing Houseparty through the iPhone app, Lockdown researchers recorded and blocked 224 tracking attempts from six third-party trackers in five minutes.
It looks like a huge number – and while not as invasive as applications like Google and Facebook, whose tracking practices are well known – it’s still significant, Johnny Lin, an Apple engineer who co-founded Lockdown, tells me.
“Each tracking attempt can contain multiple data, and 224 tracking attempts for six different trackers is more than we expected in five minutes,” he says.
But the more Lin continued to use Houseparty on his iPhone, the more third-party tracking attempts were recorded. Every time Houseparty was reopened, Lin recorded 36 more tracking attempts from at least three different third-party trackers.
· AppsFlyer collects unique identifiers such as IP address, downloads and app installs, Google advertiser ID, browser type, device type and model, CPU, OS version, Wi-Fi status, timestamp and zone and operator.
· Branch: Data collection includes IP address, phone number, iOS identifier for advertising, iOS identifier for vendors, device model, manufacturer, operating system, operating system version, screen size, screen resolution, start / end time of the session.
· Segment collects data such as contact information, profile information, marketing information, financial transactions, device data, online activity data, professional or employment information.
· Instabug: Data collection includes name, email address, mailing address, phone number, payment related information, IP address, domain server and type of Internet browser, cookies.
Why tracking is important
Of course, you don’t know if the trackers are actually collecting all of this information, but this lack of transparency is worrying. Lin says that the fact that tracking increases when you perform an action on Houseparty is “significant”.
“Increased tracking attempts with user actions mean that the application is sending the user’s actions to third parties (possibly with unique identifiers) for processing,” says Lin. “I can’t speak for other people, but when I’m using an app, I don’t want or expect the things I’m doing to be sent to others.”
“Houseparty provides user controls in account settings, has never sold customer data and will never sell. Home users should always feel free to contact us with questions or concerns in Party support.”
The good news: There is no background tracking in Houseparty
One of the most invasive forms of tracking is background tracking, which occurs when an application is not in use. To Houseparty’s credit, Lin from Lockdown did not detect any background tracking during the one-hour period when he monitored Houseparty on an iPhone.
The lack of background tracking in Houseparty is “definitely good,” says Lin. He explains: “The background tracking works like this: every 30 minutes or so, your phone asks all installed applications: ‘Do you want to do some processing?'”
While some apps exploit this opportunity to contact third parties, some of whom pay apps for a user’s location and other data, Lin has found no evidence that Houseparty is doing so.
Houseparty permissions and user data
Another privacy risk may be caused by the permissions that an application requires. Although it of course needs access to your camera and microphone to function, Houseparty also requests data, including your full name, email address and date of birth.
You can choose not to share your phone number with Houseparty during the sign-up process, but the option to “skip” this step is not obvious.
“Houseparty doesn’t need your full name, email address, date of birth and full phone number to work properly,” says Lin.
Meanwhile, Houseparty denies that you need to say “yes” to notifications to configure the app, but the language is ambiguous and can lead users to believe they need to do so. Lin explains: “It says: ‘We’re going to need you to allow some things to start the party’ [including notifications].”
In addition, he says: “When you try to keep touching the gray ‘Next’ button without allowing Notifications, a very clear message appears: ‘Oops! Finish this section first.’”
Houseparty privacy grade: C+
The Lockdown team gave Houseparty a C+ grade. It’s not terrible, but there is a lot of room for improvement.
“While we cannot be sure exactly what Houseparty is sending to third parties, we know, at the very least, that all application activation and user action, along with unique identifiers, is being sent for unknown processing,” says Lin.
“This equates to hundreds of data points per user per day, multiplied by more than 50 million users, multiplied by the number of different marketing and tracking companies.”
During the test, Lockdown did not use Houseparty’s “Connect to Facebook” feature. “If we had, we probably would have registered the Facebook Tracker block, in addition to other third parties,” says Lin.
Should you still use Houseparty?
The big question now is: should you stop using the Houseparty app on your iPhone? Lin thinks not, and I tend to agree. Houseparty is not the only application that allows these trackers, and some applications are much worse.
So use Houseparty, but you might also want to try Lockdown to block trackers. It is a free, easy-to-use application that I have been using for a few months.
Other than that, check the permissions on all your apps. Apple’s iOS 13 makes it much easier to control the data collected by the likes of Facebook, Google and others, so why not take advantage of that?