Your devices are tracking you all the time. You just don’t know it yet. When you consent to sharing your data with many popular apps, you’re also allowing app developers to collect your data and sell it to third parties through trackers that supply advertisers with detailed information about where you live, work, and shop.
In November 2017, Yale Privacy Lab detected trackers in over 75% of the 300 Android apps it analyzed. A March 2018 study of 160,000 free Android apps found that more than 55% of trackers tried to extract user location, while 30% accessed the device’s contact list. And a 2015 analysis of 110 popular free mobile apps revealed that 47% of iOS apps shared geo-coordinates and other location data with third parties, and personally identifiable information, like names of users (provided by 18% of iOS apps), was also provided.
While the presence of trackers doesn’t necessarily mean developers are breaking the rules, emails obtained by BuzzFeed News show how data marketing firms convince developers to include trackers in their apps: cash.
“Most third-party services operate in the background and do not provide any visual cues inside the apps, effectively tracking users without their knowledge or consent while remaining virtually invisible,” wrote researchers in a February 2018 study. Meanwhile, the collected data is virtually untraceable as it is passed from data broker to marketers to others.
Apple and Google’s policies prohibit sharing or selling user data with third parties unrelated to improving the app experience or displaying ads in the app. But it’s easy for developers to evade detection. Trackers are tucked away in the app’s codebase, and developers can share user data outside of their apps by uploading it to a server.
Here’s how location tracking works: Marketing companies offer app developers cash in exchange for implementing a few lines of code — called an SDK or “software development kit” — into their apps. The SDK sucks up all the user data that the app has access to, and the developer gets a check every month in return. Marketers use the location data to target advertising campaigns based on where you are (a coupon for donuts when you’re next to a donut shop, for example) and to measure whether an online ad drove you to visit a retail location. The goal is to understand your habits and ultimately, get you to buy something.
Because data collection for the purposes of advertising is either disclosed in long-winded privacy policies or not at all, it’s difficult to tell which apps have trackers and which don’t.
Nearly all types of apps include trackers. Major companies whose businesses are built on advertising-based revenue — like Facebook and Facebook-owned Instagram, as well as Google’s suite of apps including Gmail and YouTube — collect a wealth of detailed user information. But because Facebook and Google run their own advertising ecosystems, not sharing their user data protects their competitive advantage. But smaller companies do have financial incentive to share data with third parties.
Even restricting location access on an app won’t necessarily prevent it from revealing your location. Abbas Razaghpanah, a researcher at Stony Brook University, found 581 Android apps, including dozens geared toward preschool-age children made by a developer called BabyBus, shared Wi-Fi access point names and MAC addresses (a unique identifier assigned to all network devices, like your router), which can be cross-referenced with a public database to pinpoint your location.
Location data can also be used to infer sensitive, personal details about you. Copley Advertising used phone location data to target young women near reproductive health clinics across the country, like Planned Parenthood, with ads from anti-abortion groups. In April, the advertiser reached a settlement with the Massachusetts Attorney General that bars it from targeting women with these ads.
Marketers say that the information they collect is anonymized, but it’s easy to de-anonymize location data, according to several studies. And it’s hard for Apple and Google to police developers’ behavior on their massive platforms: Both the iOS App Store and Google Play Store host over 2 million apps each. Moreover, both say protecting user pring, and it’s being used to manipulate and herd people.
– If you have an iPhone, go to the Settings app > Privacy > Advertising and enable Limit Ad Tracking. There, you can also reset your advertising identifier, which clears the data associated with your advertising number. You can also opt out of location-based ads by going to Settings > Privacy > Location Services > scrolling all the way down to System Services and disabling Location-based Apple Ads.
– If you have an Android device, go to Settings > Google > Ads > and enable Opt out of ads personalization. You can also reset your advertising ID there. All Google users can turn off ads personalization through the Ad Settings page.
– Firefox has a free mobile browser built just for blocking ads and ad trackers, called Firefox Focus. For browsing on the web, you can use the Privacy Badger browser extension with Chrome or Firefox, which is an ad and ad tracker blocker by the Electronic Frontier Foundation.
– When you download an app and it asks for any kind of permission, consider whether it really needs it.
– If an app is free, comb through its website and try to understand its business model.
If you are reading this on your mobile, be careful. Someone could be watching us.
Check out my related post: Should Facebook pay for content?