Coventry University researchers shocked by excessive data harvesting by apps

A cartoon illustration of a man holding a magnifying glass
University news / Research news

Monday 22 May 2023

Press contact

Press Team

Researchers at Coventry University are helping people to safeguard their privacy after discovering excessive data harvesting by websites and apps.  

Citizen Scientists Investigating Cookies and App GDPR compliance (CSI-COP) is an award-winning privacy project led by Coventry University’s Centre for Computational Science and Mathematical Modelling (CSM) in collaboration with nine other organisations. 

Its aim is to investigate what personal data websites and apps are automatically tracking when a user visits web pages or uses apps, and which have been set up to be more respectful of users’ privacy. 

As part of the project members of the public were recruited and trained as ‘citizen scientists’ to investigate what cookie notices and privacy policies websites and apps use. 

This week during a special event taking place in Coventry University’s Brussels Hub (23-26 May 2023), the CSI-COP collaborators and privacy champions will present their results in exhibition-style, launching its repository of cookies and online trackers containing the project’s findings on more than 1000 websites and apps examined. 

Many websites use forms of tracking, including ‘cookies’, to analyse a user’s journey through web pages or apps, monitoring information such as the time spent browsing, and where the visitor goes to next. 

Such data is valuable and is often shared between third parties and sold to online advertisers who can use it to target users with products and services based on their browsing activities. 

Under GDPR legislation websites and apps must now ask visitors’ permission to allow cookies, but many users simply accept their use as it is often more convenient and it can be harder to disable cookies on some platforms. 

We have been quite shocked by what we’ve found, apps for instance should only require the permissions needed to make that app function, but many take permissions that are completely unnecessary, often asking for access to pictures and contacts. 

While websites now require users to agree to cookies, because there is no standard cookie notice, many of them are ambiguous and they often use complicated legal language.  

Our repository will enable people to find if an app they use or a website they visited featured in CSI-COP’s investigations. We need websites and apps to be transparent about what data is being collected and seek informed consent for personal data.

Dr Huma Shah, project co-lead at Coventry University

It was not until I became involved with CSI-COP that I realised how popular websites and mobile phone apps use cookies and various forms of trackers to send data to third parties. The techniques used by citizen scientists are easy to learn to help anyone manage their or their children’s exposure on the internet.

The CSI-COP repository has a searchable list of websites and mobile device apps that have already been analysed by the citizens scientists that can be accessed by anyone. I now no longer just press the accept button when the cookies banners appear and have used a more privacy focussed browser and phone apps because of CSI-COP.

Professor Ian Marshall, Deputy-Vice-Chancellor and Chief Operating Officer at Coventry University and Citizen Scientist

CSI-COP has also launched its own tracking-free website, designed to protect the privacy of all users and encourage others to adopt a privacy-by-design website philosophy. 

Visit the public repository of website and app investigations.