Dozens of popular iPhone apps are sharing the location data of millions of mobile devices with third-party data monetization firms, according to a group of security researchers called GuardianApp (via TechCrunch).
The apps in question are mostly news, weather, and fitness apps that require access to location data to work properly, but then share that data to earn money.
According to security researchers, the apps send both precise location and other sensitive customer data to data monetization companies "at all times, constantly" sometimes without customers being aware of the location data collection. The information is used for purposes like creating databases for ad targeting.
Researchers used tools to monitor network traffic to discover apps collecting Bluetooth LE data, GPS longitude and latitude, WiFi SSIDs, accelerometer information, battery charge percentage, location arrival/departure timestamps, and more.
While the apps say that personally identifiable information is not included in the data collection, one of the researchers, Will Strafach, told TechCrunch that latitude and longitude coordinates can provide information on a person's home or work. Many customers who agree to provide apps with location data may not be aware of the extent of the information being collected and shared.
Apps that were found to be collecting location info and sending it to data monetization firms include ASKfm, NOAA Weather Radar, Homes.com, Perfect365, C25K 5K Trainer, Classifieds 2.0 Marketplace, GasBuddy, Photobucket, Roadtrippers, Tapatalk, and more, with a full list available on the site.
The data is being sent to companies that include Reveal, Sense360, Cuebiq, Teemo, Mobiquity, and Fysical. These companies denied wrongdoing, suggested customers were able to opt out at any time, and said that developers are required to inform customers about the data collection.
Some of the apps in question do indeed have clear data collection notices when opening them up for the first time, but data monetization firms do not make sure apps are following disclosure policies and not all do.
GuardianApp also suggests users use a generic name for router SSIDs and turn off Bluetooth functionality when Bluetooth is not in use.
The apps in question are mostly news, weather, and fitness apps that require access to location data to work properly, but then share that data to earn money.
According to security researchers, the apps send both precise location and other sensitive customer data to data monetization companies "at all times, constantly" sometimes without customers being aware of the location data collection. The information is used for purposes like creating databases for ad targeting.
Researchers used tools to monitor network traffic to discover apps collecting Bluetooth LE data, GPS longitude and latitude, WiFi SSIDs, accelerometer information, battery charge percentage, location arrival/departure timestamps, and more.
While the apps say that personally identifiable information is not included in the data collection, one of the researchers, Will Strafach, told TechCrunch that latitude and longitude coordinates can provide information on a person's home or work. Many customers who agree to provide apps with location data may not be aware of the extent of the information being collected and shared.
Apps that were found to be collecting location info and sending it to data monetization firms include ASKfm, NOAA Weather Radar, Homes.com, Perfect365, C25K 5K Trainer, Classifieds 2.0 Marketplace, GasBuddy, Photobucket, Roadtrippers, Tapatalk, and more, with a full list available on the site.
The data is being sent to companies that include Reveal, Sense360, Cuebiq, Teemo, Mobiquity, and Fysical. These companies denied wrongdoing, suggested customers were able to opt out at any time, and said that developers are required to inform customers about the data collection.
Some of the apps in question do indeed have clear data collection notices when opening them up for the first time, but data monetization firms do not make sure apps are following disclosure policies and not all do.
"None of these companies appear to be legally accountable for their claims and practices, instead there is some sort of self-regulation they claim to enforce," said Strafach.iPhone users who want to avoid having their location data shared with data monetization firms should be wary of the third-party apps they install that are using location services. Limiting ad tracking in Privacy settings by going to Privacy > Advertising is recommended.
GuardianApp also suggests users use a generic name for router SSIDs and turn off Bluetooth functionality when Bluetooth is not in use.
103 comments
Disney chief executive and chairman Bob Iger has resigned from Apple's board of directors as Apple and Disney prepare to launch competing streaming services, Apple announced today in a filing...
Goldman Sachs this morning cut its target price for Apple's stock from $187 a share to $165 a share, claiming Apple's plans to give away free access to its upcoming Apple TV+ service...
Following the launch of iPhone 11 and iPhone 11 Pro pre-orders, Apple today shared two new videos highlighting iPhone 11 Pro features.
The first video features random objects, food, and water...
When the Apple Watch Series 5 lineup was introduced earlier this week, tech specs on Apple's website listed incorrect weights for the new models based on Series 4 weights. Apple has since...
A new article by The Hollywood Reporter today sheds light on why director/producer J.J. Abrams declined a big deal with Apple, which would have seen his Bad Robot production company become one of the...
On the heels of Apple introducing the iPhone 11 and iPhone 11 Pro this week, Samsung has shared a new ad that calls on iPhone users to "switch to the Galaxy Note10" and "fall in love"...
As part of a bipartisan investigation of competition in digital markets, the U.S. House Judiciary Committee today sent a letter to Apple CEO Tim Cook requesting that the company provide any documents...
iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max models include the necessary hardware for a two-way charging feature that was widely rumored for the devices, but Apple has disabled the feature on the...
