Track apps

The government leaks private information? Study Reveals Official Websites Track Third-Party Data

Montreal, Quebec – George Orwell’s book “1984” warned people of the dangers of a government that always watches its citizens. Although the story is fictional, a recent study warns that it is starting to become reality. Researchers from Concordia University have found that government websites use Google tracking software to collect sensitive information about their users. The findings call into question the effectiveness of privacy laws, especially when our own government can send information to private third parties.

“The results were surprising,” says Mohammad Mannan, associate professor at the Concordia Institute for Information Systems Engineering, in a university outing. “Government sites are publicly funded, so they don’t need to sell information to third parties. And some countries, especially in the European Union, are trying to limit commercial tracing. So why do they allow it on their own sites? »

1 in 3 government sites use tracking software

The research team analyzed the security networks of more than 150,000 government websites from 206 countries from July to October 2020. Their analysis began with a seed list of thousands of government websites using automated search, l exploration and other methods.

Later, they moved on to deep scans that retrieved links from the source of the HTML page. Using OpenWPM, an open-source software that measures web page parameters, they collected scripts and cookies from government sites from their code. They have also successfully obtained device fingerprinting techniques.

The researchers wanted to compare the privacy settings of government sites with those of apps. They tracked over 1,150 government Android apps from 71 different countries using Google Play Store URLs on government sites. They studied developer URLs and email addresses. Where possible, applications were downloaded and data extracted using tracking software development kits.

The study reveals that 30% of government websites have JavaScript trackers on their contact information pages. Most of the trackers belonged to the Alphabet company. They also found 1,647 SDKs in 1,166 Android apps, more than a third of which belonged to Google (37.1%). The rest of the SDKs came from Facebook (6.4%), Microsoft (2.1%) and OneSignal (2.9%).

Governments ‘allow these potential violations’

A total of 17% of government websites and 37% of government Android apps have Google trackers. Researchers claim that more than a quarter (27%) of Android apps gave away private data to third parties or potential hackers. An internet security website called Virustotal flagged 304 sites and 40 apps for malicious activity.

The researchers say the findings are alarming, given that people may be forced to enter personal information on government sites to pay taxes or seek medical care. This potentially puts them at a higher risk of having their information stolen by identity thieves.

“Governments are increasingly aware of online threats to privacy, but at the same time they enable these potential breaches through their own services,” Mannan said. Although privacy laws are in place in several states and counties, Mannan says governments should follow their own advice and make privacy a top priority.

The study is published in the ACM 2022 Web Conference Proceedings.