INSUBCONTINENT EXCLUSIVE:
A group of security researchers say dozens of popular iPhone apps are quietly sharing the location data of ''tens of millions of mobile
devices& with third-party data monetization firms.
Almost all require access to a user location data to work properly, like weather and
fitness apps, but share that data often as a way to generate revenue for free-to-download apps.
In many cases, the apps send precise
locations and other sensitive, identifiable data &at all times, constantly,& and often with &little to no mention& that location data will
be shared with third-parties, say security researchers at the GuardianApp project.
I believe people should be able to use any app they wish
on their phone without fear that granting access to sensitive data may mean that this data will be quietly sent off to some entity who they
do not know and do not have any desire to do business with,& said Will Strafach, one of the researchers.
Using tools to monitor network
traffic, the researchers found 24 popular iPhone apps that were collecting location data — like Bluetooth beacons to Wi-Fi network names
— to know where a person is and where they visit
These data monetization firms also collect other device data from the accelerometer, battery charge status and cell network
names.
AccuWeather updates its iOS app to address privacy outcry
In exchange for data, often these data firms pay app developers to
collect data and grow their databases and often to deliver ads based on a person location history.
But although many claim they don''t
collect personally identifiable information, Strafach said that latitude and longitude coordinates can pin a person to a house or their
work.
To name a few:
ASKfm, a teen-focused anonymous question-and-answer app, has 1,400 ratings on the Apple App Store and touts tens of
It asks for access to a user location that &won''t be shared with anyone.& But the app sends that location data to two data firms,
When reached, the app maker said it believes its location collection practices &fit industry standards, and are therefore acceptable for our
users.
NOAA Weather Radar has more than 266,000 reviews and has millions of downloads
Access to your location &is used to provide weather info.& But an earlier version of the app from March was sending location data to three
firms, Factual, Sense360 and Teemo
The code has since been removed
A spokesperson for Apalon, which built the app, said it &conducted a limited, brief test with a few of these providers& earlier this
year.
Homes.com is a popular app that asks that you switch on your location to help &find nearby homes.& But the code, thought to be old
code, still sends precise coordinates to AreaMetrics
The app maker said it used AreaMetrics &for a short period& last year but said the code was deactivated.
Perfect365, an augmented reality
beauty app with more than 100 million users, asks for location to &customize your experience based on your location and more,& and refers
users to the privacy policy for more — which does state that location data will be used for advertising
The app was briefly pulled after a BuzzFeed News story earlier this year outed the researchers, but returned to the app store days later
The current app version contains code for eight separate data monetization firms in the latest version of the app
The app maker did not return a request for comment.
And the list goes on — including more than a hundred Sinclair-owned local news and
weather apps, which share location data with Reveal, a data tracking and monetization firm, which the company sayswill help the media giant
bolster its sales by &providing advertisers with target audiences.
That can quickly become a lucrative business for developers with popular
apps and monetization firms alike, some of which collect billions of locations each day.
Most of the data monetization firms deny any
wrongdoing and say that users can opt out at any time
Most said that they demand that app makers explicitly state that they require app developers to explicitly state that they are collecting
and sending data to third-party firms.
The team research shows that those requirements are almost never verified.
Reveal said it requires
customers &state the use cases for location data in their privacy policy& and that users can opt-out at any time
Huq, like Reveal, said it carries out ®ular checks on our partner apps to ensure that they have implemented& measures that explain the
AreaMetrics, which collects primarily Bluetooth beacon data from public areas like coffee shops and retail stores, says it has &no interest&
in receiving personal data from users.
Sense360 said the data it collects is anonymous and requires apps to get explicit consent from its
users, but Strafach said few apps he seen contained text that sought assurances
But the company did not answer a specific question why it no longer works with certain apps
Wireless Registry said it also requires apps seek consent from users, but would not comment on the security measures it uses to ensure user
And in remarks, inMarket said it follows advertising standards and guidelines.
Cuebiq claims to use an &advanced cryptography method& to
store and transmit data, but Strafach said he found &no evidence& that any data was scrambled
It says it not a ''tracker& but says while some app developers look to monetize users& data, most are said to use it for insights
And, Factual said it uses location data for advertising and analytics, but must obtain in-app consent from users.
When reached, Teemo did
SafeGraph, Mobiquity and Fysical did not respond to requests for comment.
None of these companies appear to be legally accountable for
their claims and practices, instead there is some sort of self-regulation they claim to enforce,& said Strafach.
He said there isn''t much
users can do, but limiting ad tracking in your iPhone privacy settings can make it more difficult for location trackers to identify
users.
Apple crackdown on apps that don''t have privacy policies kicks in next month
But given how few people read them in the first place, don''t expect apps to change their behavior any time soon.
Apple will require all
apps to have a privacy policy as of October 3
