No Salvation from Trackers: Privacy Analysis of Religious Websites and Mobile Apps

Abstract

AbstractMany religious communities are going online to save costs and reach a large audience to spread their religious beliefs. Since the COVID-19 pandemic, such online transitions have accelerated, primarily to maintain the existence and continuity of religious communities. However, online religious services (e.g., websites and mobile apps) open the door to privacy and security issues that result from tracking and leakage of personal/sensitive information. While web privacy in popular sites (e.g., commercial and social media sites) is widely studied, privacy and security issues of religious online services have not been systematically studied. In this paper, we perform privacy and security measurements in religious websites and Android apps: 62,373 unique websites and 1454 Android apps, pertaining to major religions (e.g., Christianity, Buddhism, Islam, Hinduism). We identified the use of commercial trackers on religious websites—e.g., 32% of religious websites and 78% of religious Android apps host Google trackers. Session replay services (FullStory, Yandex, Inspectlet, Lucky Orange) on 198 religious sites sent sensitive information to third parties. Religious sites (14) and apps (7) sent sensitive information in clear text. Besides privacy issues, we also identify sites with potential security issues: 19 religious sites were vulnerable to various security issues; and 69 religious websites and 29 Android apps were flagged by VirusTotal as malicious. We hope our findings will raise awareness of privacy and security issues in online religious services.