Your Apps Know Where You Were Last Night
The New York Times (tweet, Hacker News):
At least 75 companies receive anonymous, precise location data from apps whose users enable location services to get local news and weather or other information, The Times found. Several of those businesses claim to track up to 200 million mobile devices in the United States — about half those in use last year. The database reviewed by The Times — a sample of information gathered in 2017 and held by one company — reveals people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day.
These companies sell, use or analyze the data to cater to advertisers, retail outlets and even hedge funds seeking insights into consumer behavior. It’s a hot market, with sales of location-targeted advertising reaching an estimated $21 billion this year.
[…]
Many location companies say that when phone users enable location services, their data is fair game. But, The Times found, the explanations people see when prompted to give permission are often incomplete or misleading. An app may tell users that granting access to their location will help them get traffic information, but not mention that the data will be shared and sold. That disclosure is often buried in a vague privacy policy.
Along with the investigation, the New York Times published a guide to managing and restricting location data on specific apps. This is easier on iOS than it is Android, and is something everyone should be periodically doing. But the main takeaway, I think, is not just that we need to be more scrupulous about our location data settings. It’s that we need to be much, much more restrictive about the apps that we install on our phones.
[…]
What this means is that the dominant business model on our smartphones is one that’s predicated on monetizing you, and only through paying obsessive attention to your app permissions and seeking paid alternatives can you hope to minimize these impacts on yourself.
Don’t think Apple or Google get enough shit for incentivizing an app economy that relies on free apps that make money by monetizing the data collected by your phone. Allowing the “app is free but we sell your data” as a business model for flashlights and games was disastrous
This is another reason why I think Apple’s Walled Garden is so terrible. For years, it was completely fine to make sketchy apps that monetized data. Why wasn’t Apple protecting its users from that business model?
I suspect Apple would argue this is why you need a walled garden, but Apple has not done a great job of policing it, anyway, so it seems more like protectionism and an obsession with control than anything.
I see some are speaking about this as if apps keep their own location databases, but that is not the case. it is so much worse. the location data is sent directly from your phone to big centralized tracking databases owned by one or more of the 75 tracking firms.
App developers should, at the very least, be required to be completely forthright in their permissions request dialogs. If a developer is scooping and selling user data, they should be able to defend that practice to users in language that they can understand; if they cannot, then perhaps that’s a practice they should cease.
Previously:
- Cell Carriers Sold Location Data to Bounty Hunters
- US Cell Carriers Are Selling Access to Real-time Phone Location Data
- AccuWeather Caught Sending User Location Data, Even When Location Sharing Is Off
- Apps Can Track You Even After You Uninstall Them
- Google Collects Android Users’ Locations Even When Location Services Are Disabled
The NYTimes article is from over two months ago, and failed to make the case that this is a real problem on iOS. Whereas assault on privacy is Google’s business model! Of course the appearance of journalistic impartiality requires a pretense that both iOS and Android have equal problems—and Apple bashing is always good for a few clicks!