Rubin Shrestha
Rubin Shrestha
Blog

Can app cache be used to infer user behavior, even if the app is never opened? [migrated]

by |Published

While researching app behavior on Android—particularly on Samsung devices—I noticed that many apps (e.g., YouTube, Google Play Services for AR, Samsung-specific preinstalled apps ) accumulate cache data even when they haven’t been opened or actively used. This led me to question whether cache data could be used to infer user behavior, especially in the context of advertising.

What I’ve observed

  • Apps like Samsung Notes, Cloud f.e. build up cache despite never being launched (according to my device usage diagnostics).
  • Samsung devices often come preloaded with apps and services tied to advertising platforms (e.g., AdGear Technologies, Inc., listed as a Samsung-affiliated advertiser on iabprivacy.com).
  • Cache typically doesn’t contain personal identifiers, but aggregated cache data across multiple apps could potentially reveal patterns of user behavior or preferences.

My question:
Is it technically possible for a device manufacturer or third-party service to use app cache data (even from unused apps) to infer user behavior or interests for advertising purposes?

I’m particularly interested in:

  • Whether Android or Samsung’s system services can access and correlate cache data across apps.
  • If cache data (e.g., image thumbnails, preloaded content, timestamps) can be used to build behavioral profiles.
  • Any known mechanisms or permissions that would allow this kind of cross-app cache analysis.

Cache (example references: 1 & 2) is often overlooked in privacy discussions because it’s assumed to be non-personal. However, I’d like to know whether others—especially those with expertise in Android internals, Java/Kotlin development, or digital privacy law—have insights into whether cache could be exploited in this way.

References:

  1. Sertainty. (n.d.). Can cached data undermine your company’s secure data? Sertainty. Retrieved May 24, 2025, from https://www.sertainty.com/blog/cached-data-threats/

  2. Lie Ryan. (2015, April 29). Best practice for caching sensitive data. Information Security Stack Exchange. Retrieved May 24, 2025, from https://security.stackexchange.com/questions/87144/best-practice-for-caching-sensitive-data

You may also like