Monday, September 7, 2020

Private Intel Firms Buying Phone Location Data

Joseph Cox (tweet):

A threat intelligence firm called HYAS, a private company that tries to prevent or investigates hacks against its clients, is buying location data harvested from ordinary apps installed on people’s phones around the world, and using it to unmask hackers. The company is a business, not a law enforcement agency, and claims to be able to track people to their “doorstep.”

The news highlights the complex supply chain and sale of location data, traveling from apps whose users are in some cases unaware that the software is selling their location, through to data brokers, and finally to end clients who use the data itself. The news also shows that while some location firms repeatedly reassure the public that their data is focused on the high level, aggregated, pseudonymous tracking of groups of people, some companies do buy and use location data from a largely unregulated market explicitly for the purpose of identifying specific individuals.


A Chinese data company boasts that it has its SDK on 1.36 billion devices per month, and has been quietly gathering location data, device ID and other apps on the device without permission, researchers found[…]

Matthew Green:

Apple and Google should inject targeted data into phones running all these apps, then when it shows up for sale they should nuke the developers from orbit.

I find it so strange that Apple and Google justify their app store monopoly with “privacy and security” but practices like this are endemic to their stores.


