When it comes to connecting to the internet, web browsers offer a certain level of transparency. Apps, on the other hand, are black boxes. We don’t know how they work or what kind of services are running in the background. But none of this concerns the average consumer, as apps provide a better user experience.
Building an app can get quite cumbersome. With a lot of aspects to manage, developers use third-party services for ads. Most apps use the Facebook SDK to collect user data for running targeted ads.
Most users have no idea that Facebook is collecting their information for ads in the background, and some who do simply don’t care.
So, some good Samaritans at the International Computer Science Institute, UC Berkeley came up with a research app called Lumen Privacy Monitor, which is part of the Haystack research project. Lumen can help users find out which apps on their smartphones are mining what data.
Lumen shows all the connections an app makes and enables users to restrict them if they think they’re too intrusive. In some cases, these background services can extract personal information and Lumen tells users when an app does this.
While the primary goal of this project is to analyse mobile traffic from multiple users to determine the flow of data between apps and third-party services, it requires users to send data through their servers, which in itself raises a big privacy issue.
So, in this article, we take a deeper dive into what the Lumen app offers and whether it is useful for end users.
How does Lumen privacy monitor work?
Lumen uses the VPN permissions on Android to track all the traffic leaving your apps. This VPN runs locally on the device and acts as middleware between apps and sockets. Due to this, the middleware can detect the endpoints of all the packets which flow through.
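To illustrate the endpoint tracking described above, here is an added example (not Lumen's code): it parses raw IPv4 packets of the kind a local VPN interface receives and groups their destinations by owning app UID. The UID lookup through a `/proc/net/tcp`-format table is an assumption about how such attribution can be done, and all function names, packets and the UID are constructed for illustration.

```python
import socket
import struct
from collections import Counter

PROTOCOLS = {6: "tcp", 17: "udp"}

def parse_endpoint(packet: bytes):
    """Return (proto, src_ip, src_port, dst_ip, dst_port), or None if not IPv4 TCP/UDP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # header length; IP options make it > 20
    proto = PROTOCOLS.get(packet[9])
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or proto is None or frag_offset or len(packet) < ihl + 4:
        return None                      # later fragments carry no port numbers
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return proto, socket.inet_ntoa(packet[12:16]), sport, socket.inet_ntoa(packet[16:20]), dport

def owner_uid(proc_net_tcp: str, ip: str, port: int):
    """Find the UID owning local socket ip:port in /proc/net/tcp-format text (little-endian host)."""
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue
        addr_hex, port_hex = fields[1].split(":")
        local_ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        if (local_ip, int(port_hex, 16)) == (ip, port):
            return int(fields[7])
    return None

def flows_by_uid(packets, proc_net_tcp):
    """Count packets per (uid, destination ip, destination port)."""
    counts = Counter()
    for pkt in packets:
        ep = parse_endpoint(pkt)
        if ep:
            counts[(owner_uid(proc_net_tcp, ep[1], ep[2]), ep[3], ep[4])] += 1
    return counts

def make_tcp_packet(src, sport, dst, dport, options=b""):
    """Constructed sample: IPv4 header (checksum left 0) followed by TCP ports."""
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0, 0, 0, 0,
                         64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + options + struct.pack("!HH", sport, dport) + b"\x00" * 16

# Constructed sample data: documentation address 203.0.113.7, made-up UID 10123.
SAMPLE_PROC = ("sl local_address rem_address st tx_queue rx_queue tr retrnsmt uid\n"
               "0: 0F02000A:C350 077100CB:01BB 01 00000000:00000000 00:00000000 00000000 10123\n")
SAMPLE_PACKETS = [make_tcp_packet("10.0.2.15", 50000, "203.0.113.7", 443),
                  make_tcp_packet("10.0.2.15", 50000, "203.0.113.7", 443, b"\x01" * 4)]
```

The second sample packet carries four bytes of IP options, so the ports are only read correctly because the header length field is honoured.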
It can also read all your encrypted traffic to find out whether apps collect personal information. To do this, you need to install a TLS certificate on your device. The certificate allows the app to read encrypted traffic, which enables it to detect personal information leaks.
While all this personal information stays on your device, the app sends the data to online servers for analysis, which is the first red flag.
The app shows all the data it systematically extracts from your traffic and gives you the ability to stop specific flows if you think they are tracking too much data.
As mentioned earlier, the Lumen app is developed by UC Berkeley and sends the data collected by your app to their servers. With this data, researchers can understand how data from multiple devices is sent to various data collection companies.
Is Lumen really that great?
As you can see, the app, in its entirety, is quite powerful. It can track all the traffic generated by apps and read all the encrypted communications between your device and servers to detect personal information leaks.
Not only this, but the data it procures is also sent to servers for analysis for research purposes.
So if you look at it, Lumen is a tracking app on steroids.
The project’s privacy policy states that the app extracts no personal information and that it is secure on your device at all times. It also says that the data collection is anonymous, but the app can’t really function without sending data to its servers.
In terms of in-app permissions, Lumen asks for access to contacts, location, messages, apps running on your device and accounts on your device. The developers say that they need all this information for detecting personal information leaks, which is quite ironic.
The project has come out with several research papers that help users understand how their data is under attack. Still, the app itself is collecting user data, including encrypted traffic, to conduct this research.
The app does not function properly on Samsung devices with Knox security, as Knox does not let the app gain access to certain network resources. Also, running the app in the background can cause excessive battery drain.
In the end, all we can say is that the Lumen Privacy Monitor helps users understand how apps are leaking personal information but extracts a lot of information to do so. Therefore, before installing the app, one should understand that tracking your data comes at the price of giving data to researchers for analysis.