These apps may be selling out your location data for a few extra dollars

'The GuardianApp team has discovered that a growing number of iOS apps have been used to covertly collect precise location histories from tens of millions of mobile devices, using packaged code provided by data monetization firms.'

People like to think Apple's App Store is rigid and closed but it actually provides an enormous amount of freedom and flexibility to developers so they can craft useful and hopefully thoughtful apps for us, the shared users and customers. Unfortunately, the same frameworks that some developers use to make groundbreaking apps others misuse to make trust-breaking ones instead.

From the Guardian App blog:

In order to gain initial access to precise data from the mobile device's GPS sensors, the apps usually present a plausible justification relevant to the app in the Location Services permission dialog, often with little or no mention of the fact that location data will be shared with third-party entities for purposes unrelated to app operation.This page contains potential mitigations for end users, 24 examples of apps which contain code from location data monetization firms, 12 known location data monetization firms, and nearly 100 examples of regional/local news apps which have previously contained code from a specific location data monetization firm (RevealMobile).

In some cases, the access requested and code run may truly be beneficial — for example, trying to provide location-specific services when and where you need them. In other cases, it may be a cheap way to sell out their own users in order to generate revenue from data harvesting companies. In both cases, use of pre-packaged code from data harvesting companies means the second likely happens even when the goal is the first.

Guardian App founder, Will Strafach — a name that should be familiar to anyone in the iOS infosec community — also followed up with a series of tweets chronicling (no pun intended) the reactions of some of the companies once they were caught.

The report lists two dozen apps and a bevy of companies that make money off data farming through those apps.

If this offends you, you can turn on Limit Ad Tracking in Settings > Privacy > Advertising, and refuse to grant access to location data when the apps ask for it. You can also check out this video for more privacy tips:

I'd like to think awareness and public shaming would help stamp out this practice. Unfortunately, there's just too much money to be made for that to be realistic. I'd also love Apple, which prides itself on championing privacy, to get way more proactive about how App Store apps use, and in some cases abuse, our data. (I'm sensitive that Apple is already considered far too controlling by some, but quantity and quality are two very different measures.)

Ultimately, it's up to us, the customers and users, to educate ourselves and to vote with our money, time, and attention. If companies abuse our data, we need to starve them out of existence with extreme prejudice.

○ Video: YouTube
○ Podcast: Apple | Overcast | Pocket Casts | RSS
○ Column: iMore | RSS
○ Social: Twitter | Instagram

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.