Popular apps often secretly send personal data to marketing companies, or include invasive third-party trackers, or abuse permissions that they're granted, even in the background.
In our Privacy Reviews series, we dissect one app per review and tell you which third-party trackers it's using, what the trackers do, and what data they collect. We use Lockdown to automatically expose and block these behaviors.
For our first review, we chose the video chat app Houseparty due to its popularity, boosted by recent mandatory stay-at-home orders. Even though the app is free for its users, how much is the marketing data and tracking of 50+ million teens and young adults worth? We start with a summary card below.
Unique identifiers, IP address, User agent, the URL from the referring website, downloads and installations of Applications, and other interactions, events, actions, Customer issued user ID, show more clicks on Customer ads, ad impressions viewed, audiences or segments to which an ad campaign is attributed, the type of ads and the webpage or Application from which such ads were displayed, the webpages on Customer’s website visited by an End User, IDFA (identifier for advertisers), Android ID; Google Advertiser ID, browser type, device type and model, CPU, system language, memory, OS version, Wi-Fi status, time stamp and zone, device motion parameters, carrier.
Contact Information, Profile Information, Communications, Marketing Information, Financial Transaction Information, Device Data, Online Activity Data, Professional or Employment Information, User Preferences
IP Address, Cookie, Link Data, User Agent, Referrer, Request, Phone Number, Engagement Data, iOS Identifier for Advertising, iOS Identifier for Vendors, Android Advertising ID, Android ID, show more Branch Cookie ID, App Version, Device model, Manufacturer, Operating system, Operating system version, Screen size, screen resolution, Session start/stop time, Mobile network status (WiFi, etc), Application installed time, Application updated time, Device locale (country and language), Local IP address, Mobile platform, Branch SDK version, Carrier ID, MAC address, Windows Advertising ID, CPU ID
Personal Data includes Data Subjects’ email, name and IP address, and other Personal Data that Client may submit through or upload to the Company’s systems the extent of which is determined and controlled by the Client in its sole discretion
The list of blocked tracking attempts in five minutes of using Houseparty.
Lockdown recorded and blocked 224 tracking attempts to six third parties in our five minutes of using Houseparty. This included app installation, initial launch, signup, and a ten second videochat.
The more actions that we took, the more third-party tracking was recorded - for example, opening settings and modifying something would create tracking attempts. Adding a friend would also create multiple tracking attempts, as would starting a video call.
We detected no background tracking (tracking that occurs when the app was not in use) in the one hour time span that we monitored Houseparty.
Every time Houseparty was re-opened, Lockdown logged 36 more tracking attempts to at least three different third-party trackers.
Houseparty's Privacy Grade: C+.
While we can't be certain exactly what Houseparty is sending to third parties, we know at the very least, every app activation and user action, along with unique identifiers are being sent for unknown processing. That amounts to hundreds of data points per user per day, multiplied by over 50 million+ users, multiplied by the number of different marketing and tracking companies.
During our testing, we did not use Houseparty's "Connect To Facebook" feature. Had we done so, we would have likely logged Facebook Tracker blocking in addition to the other third parties above.
If you have the Lockdown app installed, you're automatically protected against the trackers and privacy intrusions described above. This test was conducted using version 0.3.6, and with the "Marketing (Beta)" Block List set to "Blocked".
Please share this Privacy Review if you found it useful. Send us feedback, questions, or even request an app's Privacy Review at firstname.lastname@example.org.
Press and media have permission to use the research/content above, provided that they attribute and link back to this review.