According to a recent study by Concordia, government websites and apps use the same tracking technologies as commercial websites and apps.


According to a study, authorities around the world are not as concerned about user privacy as they should be. It is common knowledge that the merchant sites and smartphone applications that we use every day are watching us. Big companies like Facebook and Google depend on it. However, as a recent article by a team of Concordia scholars demonstrates, companies are not the only ones collecting our personal information. Governments around the world are implementing the same tracking methods and allowing large corporations to track consumers of government services, even in areas where politicians write laws to limit commercial trackers.

“The results were surprising,” says the paper’s co-author, Mohammad Mannan, an associate professor at the Concordia Institute for Information Systems Engineering (CIISE) at the Gina Cody School for Engineering and Computer Science. “Government sites are publicly funded, so they don’t need to sell information to third parties. And some countries, especially in the European Union, are trying to limit commercial tracing. So why do they allow it on their own sites? »

The authors of the article performed privacy and security scans on over 150,000 government websites from 206 countries and over 1,150 Android apps from 71 countries. They found that 17% of government websites and 37% of government Android apps host Google trackers. They also noted that more than a quarter – 27% – of Android apps leak sensitive information to third parties or potential network attackers. And they identified 304 sites and 40 apps flagged as malicious by VirusTotal, an internet security website.

The paper was presented at the Association for Computing Machinery’s WWW ’22 conference in late April. Current PhD student Nayanamana Samarasinghe, recently graduated Masters student Aashish Adhikari (MEng 21) and Professor Amr Youssef, all from CIISE, co-authored the paper. The researchers began their analysis by building a seed list containing tens of thousands of government websites using automated search and crawling and other methods between July and October 2020. They then performed in-depth analyzes to retrieve links in the HTML page source. The team used instrumented tracking metrics from OpenWPM, an automated open source software used for web privacy measurements, to collect information such as scripts and cookies used in the code of websites as well as device fingerprinting techniques.

Mannan notes that the use of trackers is not always intentional. Government developers most likely use existing software suites to build their sites and apps that contain tracking scripts or include links to tracker-infused social media sites like Facebook or Twitter. Although the use of trackers is widespread, Mannan is particularly critical of jurisdictions such as the EU and California which claim to have strong privacy laws but which in practice are not always very different. others. And since users can only use government portals for important personal obligations such as paying taxes or seeking medical care, they are at increased risk.

They tracked Android apps by searching Google Play store URLs found on government sites, then examining developer URLs and email addresses. Whenever possible, they downloaded the apps — many of which were geoblocked — and scanned them for built-in tracking SDKs. Analyzes revealed that 30% of government websites had one or more JavaScript trackers on their landing pages. The best-known trackers were all owned by Alphabet: YouTube (13% of websites), (13%) and Google (nearly 4%). They found some 1,647 tracking SDKs in 1,166 government Android apps. More than a third – 37.1% – came from Google, with others from Facebook (6.4%), Microsoft (2.1%) and OneSignal (2.9%).

“Governments are increasingly aware of online threats to privacy, but at the same time they enable these potential breaches through their own services,” he says. Mannan urges governments to frequently and thoroughly scan their own sites and apps to ensure privacy security and compliance with their own laws.

Summary of news:

  • According to a recent study by Concordia, government websites and apps use the same tracking technologies as commercial websites and apps.
  • Check out all the news and articles from the latest security news updates.


Comments are closed.