Inside Joel Reardon’s office is a network of wires, phones and routers. This is what the University of Calgary researcher calls his “device farm.”
“I’m capturing as much information as I can,” Reardon said, pointing to a series of smartphones.
It’s part of a system the associate professor has developed to monitor app behaviors and network traffic.
And he’s finding more and more data, including location information, being sent to data brokers and third parties, often far beyond Canadian borders.
“I was testing this app by Alibaba,” said Reardon, citing one example. “(I) found that it was transmitting to an IP address in Hong Kong — information including an identifier for the particular device and the MAC address of my WIFI router.”
“The same behaviour was also occurring on the AliExpress app, and it was sending the information — in this case — to a server in Washington, D.C.”
Reardon suggests router information can easily be linked to location, as soon as location access is provided, or mined elsewhere.
For example, Reardon points to an app like Apitor, which is developed for use with robotic toys for children.
He suggests the app is not only sending router addresses but also including location coordinates.
“The fact is that they are quite possibly on your device collecting your location and sending it off to somewhere on the planet, where it’s being presumably stored,” suggested Reardon.
“It certainly gives me pause whenever I see an offer to install a free app.”
It’s a concern that consumers are increasingly wary of.
“I go into every app’s settings and manually switch it so it’s only (accessing location) when you’re using the app and it’s not in the background,” said Calgarian Cole Lehto.
“But as much as I worry about it, if the use case is there … I’ll put up with it.”
The AliExpress and Alibaba e-commerce apps have millions of downloads. Neither they nor Apitor responded to a Global News request for comment.
Federal ministries, including Public Safety Canada, told Global News they’re looking into the concerns.