So, it is a given that you have apps on your phone or mobile devices that are tracking you!
Stop right here if you don’t care about your privacy or you are convinced that you have nothing of value on your devices – like banking information, social security numbers, personal information about your health, details about where you live, your calendar, and when your house is likely to be vacant (based on your daily agenda and itinerary), etc.
If you do care, let’s see what is happening.
Why does this matter? Most apps take information from your devices, and you have NO IDEA what they are doing with it or who they are selling it to. In some cases, it makes you VERY vulnerable to tracking and potential harm, either financially or in some cases physically.
The ACLU released thousands of documents showing how ICE, FBI, US Intelligence agencies and DHS bought app location data on Americans!
Oh, and did you know your auto insurer is buying this data too to see what you are doing and where you are going? So is your favorite fast-food restaurant, etc.
But you say – my app’s profiles say they don’t sell my location data. But the reality of “selling” data is complicated. In the physical world, selling a product means an item transfers from seller to buyer. For location data and many other kinds of digital information, however, it’s more accurate to say brokers sell “access” to the data!
The location data industry is a $15 billion annual market! Money talks!
But you say, “Apple is protecting me with their new privacy push.” But there is a lot of money involved. According to an article in 9to5MAC, “Since App Tracking Transparency was introduced with iOS 14.5, every iPhone and iPad app now has to ask users whether they want to be tracked or not. However, some developers have figured out new ways to keep tracking iOS users even when they opt out of being tracked by third-party apps.”
New independent research via an article in Ars Technica has revealed how these developers have been bypassing the new iOS privacy features to identify and track users even when they don’t want to. While App Tracking Transparency (or ATT) does work, it still has some loopholes that let apps silently collect some data from a user’s device.
The researchers analyzed nine iOS apps that use server-side code to generate a user identifier even when App Tracking is disabled. The code seems to be provided by a subsidiary of the Chinese company Alibaba, which is able to track this identifier across apps. As a result, advertising companies are still able to target content to a specific user. Location ATT or not. And this is used by many, many apps.
Android is just as bad but at least it is open enough so there are programs which can analyze apps and tell you what the app is taking from you.
So what do you do?
As a security professional – The Few, The Proud, The Paranoid – you remove as many apps as you can and only install them when you need them.
If you are a non-paranoid person, you should be, but you should minimize your exposure. Go to settings and disable location on all your apps. They will balk, but they will ask you for permission when you use them.
On Android, download DuckDuckGo and enable App Tracking Protection. It prevents most of your data from being shared. It’s not perfect but it is pretty good.
On iPhone: Go to Settings > Privacy & Security > Tracking and toggling off Allow Apps to Request to Track. Again, not perfect but helpful. But you too should be using the DuckDuckGo browser OR Brave Browser – they don’t track, store or report anything.
As an example: When I am home the apps on my phone: Phone (Duh), camera, Authenticator (for 2 factor authentication), calculator, DuckDuckGo browser, clock, contacts, K-9 mail, maps, my files, outlook, four different VPNs that I rotate through, QTel (formerly Qphone) for high security voice, video and messaging and Smart Audiobook.
That’s it.
If I need to do something with my bank, it takes less than a minute to download, install and open. Oh, I don’t do social media because it steals everything from you, the same thing for fitness apps.
I do travel a lot so when I am about to travel, I will download my Airline App, my Hotel App, Uber app, Translator (for foreign travel), my rental car app, etc. – but I deny location access until I need them.
When it comes to privacy, electronic hygiene is extremely important. You can learn more about that here.
