These apps may be selling out your location data for a few extra dollars

'The GuardianApp team has discovered that a growing number of iOS apps have been used to covertly collect precise location histories from tens of millions of mobile devices, using packaged code provided by data monetization firms.'

People like to think Apple's App Store is rigid and closed but it actually provides an enormous amount of freedom and flexibility to developers so they can craft useful and hopefully thoughtful apps for us, the shared users and customers. Unfortunately, the same frameworks that some developers use to make groundbreaking apps others misuse to make trust-breaking ones instead.

From the Guardian App blog:

In order to gain initial access to precise data from the mobile device's GPS sensors, the apps usually present a plausible justification relevant to the app in the Location Services permission dialog, often with little or no mention of the fact that location data will be shared with third-party entities for purposes unrelated to app operation.This page contains potential mitigations for end users, 24 examples of apps which contain code from location data monetization firms, 12 known location data monetization firms, and nearly 100 examples of regional/local news apps which have previously contained code from a specific location data monetization firm (RevealMobile).

In some cases, the access requested and code run may truly be beneficial — for example, trying to provide location-specific services when and where you need them. In other cases, it may be a cheap way to sell out their own users in order to generate revenue from data harvesting companies. In both cases, use of pre-packaged code from data harvesting companies means the second likely happens even when the goal is the first.

Guardian App founder, Will Strafach — a name that should be familiar to anyone in the iOS infosec community — also followed up with a series of tweets chronicling (no pun intended) the reactions of some of the companies once they were caught.

See more

The report lists two dozen apps and a bevy of companies that make money off data farming through those apps.

If this offends you, you can turn on Limit Ad Tracking in Settings > Privacy > Advertising, and refuse to grant access to location data when the apps ask for it. You can also check out this video for more privacy tips:

I'd like to think awareness and public shaming would help stamp out this practice. Unfortunately, there's just too much money to be made for that to be realistic. I'd also love Apple, which prides itself on championing privacy, to get way more proactive about how App Store apps use, and in some cases abuse, our data. (I'm sensitive that Apple is already considered far too controlling by some, but quantity and quality are two very different measures.)

Ultimately, it's up to us, the customers and users, to educate ourselves and to vote with our money, time, and attention. If companies abuse our data, we need to starve them out of existence with extreme prejudice.

○ Video: YouTube
○ Podcast: Apple | Overcast | Pocket Casts | RSS
○ Column: iMore | RSS
○ Social: Twitter | Instagram

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • I always disable location unless its absolutely necessary and only while using app even if it is as I don't trust most developers sadly. I think this would be tough to enforce but would love to see a notification that they are mining data if possible but that relies on developers being honest.
  • I'd like to see Apple crack down on the deceptive tactics that apps use where they ask you for information for one legitimate/useful purpose but then either use it for other unrelated/undesired processes or sell it to data brokers. Moreover, apps should be removed from the app store unless they comply with Apple's privacy policies as well as the settings on your device.
  • Hey Rene - I have a serious question for you which you may find challenging to answer: If you truly care about privacy, as you seem to, why are there so many privacy-violating trackers on your site? I notice trackers from Google (both Google proper as well as DoubleClick and YouTube), Facebook (and Instagram), Twitter, Taboola, Viglink, etc.. I removed Google Analytics from my site (as well as all other privacy-violating Google assets like Google fonts) after I saw the creepy "demographic" information that they keep track of. As long as you continue to help these advertising companies violate the privacy of your readers, you will only be paying lip service to privacy while ignoring the problem in your own backyard.