Governments Buying Phone Location Data
In March, tech publication Protocol reported that multiple government agencies signed millions of dollars worth of deals with Babel Street after the company launched its Locate X product. Multiple sources told the site that Locate X tracks the location of devices anonymously, using data harvested by popular apps installed on peoples’ phones.
[…]
A myriad of smartphone apps, from weather predictors, to games, to flashlights, collect location data. Sometimes this may provide some benefit to the app’s operation itself, such as being able to route directions from a users’ current location, but many of these apps often sell that information as well to data brokers or other companies who incorporate it into their own products.
[…]
Many agencies have filed so-called reverse location warrants to ask Google to hand over information on what Android devices were in a particular area at a given time, for example. But an agency does not need to seek a warrant when it simply buys the data instead.
Apple needs to open up telemetry to give users control & purview, as well as attack the problem from the other side by creating a separate app review process for SDKs that demands code review and data audits.
I don’t know exactly how this would work, but it’s a real problem that users have no visibility or control over what happens to their data. Some apps legitimately need location access, and once that’s granted there’s little that can be done to protect you.
Via Dan Grover:
If Apple’s strength is being a walled garden, we might as well demand better walls.
Previously:
- Weather Apps, After Dark Sky
- iOS Apps Snooping on Pasteboard Data
- Chrome Updater Bug Prevents Macs From Booting
- Your Apps Know Where You Were Last Night
- Cambridge Analytica Harvested 50 Million Facebook Profiles
Update (2020-08-31): Rosyna Keller:
Far less specific location data is a feature of iOS 14…
Approximate Location is a new tool that can be enabled in iOS. Instead of switching off location-based data, this feature will make it…fuzzy. Apple reports that it will limit the location data sent to apps to a general 10-mile region.
[…]
Not all the details are certain yet, but we do know that apps will be able to track when a device moves from one region to another. Apps will probably be able to extrapolate on that data and know that you were somewhere along a particular border between one region and another.
Update (2020-09-07): Nick Heer:
Yesterday, the U.S. Court of Appeals for the Ninth Circuit unanimously confirmed that the NSA’s bulk collection of Americans’ phone records was illegal, and found no evidence that it ever found or convicted a single terrorist. But, even if it had helped, the program would still have been illegal because bulk surveillance is antithetical to a healthy democracy. If anything, this decision demonstrated that federal agencies are more constrained than private companies in their ability to collect information like this. That makes sense — the state should not be spying on citizens — but Cox’s reporting shows that the private sector has provided a convenient workaround.
Update (2020-11-27): Joseph Cox:
A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people's personal data to brokers, contractors, and the military.
3 Comments RSS · Twitter
Nobody is preventing any business models on the web, and there the situation is even more skewed towards the free with data exploitation.
It’s just what the vast majority of customers chose. And they do it, even if the know or guess what the data is used for. So I think transparency will make little difference, except for those few of us who do care.
>>The problem I see is that the App Store does not allow upgrades
>Nobody is preventing any business models on the web,
>and there the situation is even more skewed towards
>the free with data exploitation.
I'm not sure that's entirely true. There is a real, large market for professional, paid web apps.
Most charge subscription pricing, which I suspect people are more open to for web apps because they're entirely hosted on a third-party system. It makes sense to pay a subscription fee to cover the ongoing costs, whereas for a native app, a one-time fee with upgrade pricing is probably what most people expect.
It's just harder to sell a subscription to somebody if an app is entirely or mostly running on their own device.
The problem I see is that the App Store does not allow upgrades, which messes up legitimate business models. We are left with a bunch of data stealing apps because developers are just trying to make a living.