SoylentNews is people
SoylentNews
Submitted via IRC for Bytram
Your Apps Know Where You Were Last Night, and They're Not Keeping It Secret
At least 75 companies receive anonymous, precise location data from apps whose users enable location services to get local news and weather or other information, The Times found. Several of those businesses claim to track up to 200 million mobile devices in the United States — about half those in use last year. The database reviewed by The Times — a sample of information gathered in 2017 and held by one company — reveals people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day.
These companies sell, use or analyze the data to cater to advertisers, retail outlets and even hedge funds seeking insights into consumer behavior. It’s a hot market, with sales of location-targeted advertising reaching an estimated $21 billion this year. IBM has gotten into the industry, with its purchase of the Weather Channel’s apps. The social network Foursquare remade itself as a location marketing company. Prominent investors in location start-ups include Goldman Sachs and Peter Thiel, the PayPal co-founder.
Businesses say their interest is in the patterns, not the identities, that the data reveals about consumers. They note that the information apps collect is tied not to someone’s name or phone number but to a unique ID. But those with access to the raw data — including employees or clients — could still identify a person without consent. They could follow someone they knew, by pinpointing a phone that regularly spent time at that person’s home address. Or, working in reverse, they could attach a name to an anonymous dot, by seeing where the device spent nights and using public records to figure out who lived there.
Many location companies say that when phone users enable location services, their data is fair game. But, The Times found, the explanations people see when prompted to give permission are often incomplete or misleading. An app may tell users that granting access to their location will help them get traffic information, but not mention that the data will be shared and sold. That disclosure is often buried in a vague privacy policy.
“Location information can reveal some of the most intimate details of a person’s life — whether you’ve visited a psychiatrist, whether you went to an A.A. meeting, who you might date,” said Senator Ron Wyden, Democrat of Oregon, who has proposed bills to limit the collection and sale of such data, which are largely unregulated in the United States.
“It’s not right to have consumers kept in the dark about how their data is sold and shared and then leave them unable to do anything about it,” he added.
(Score: 2) by stretch611 on Tuesday December 11 2018, @08:15PM (1 child)
The problem isn't with one or two apps, it is the whole app eco-system.
All it takes is one app with location permissions... Perhaps a weather app, after all, what good is weather if it doesn't know where you are located. And the thinking is how can one app matter.... it is not like everyone knows where you are located... or do they?
The issue is that the weather app is created with the FCKTHS software development framework. Well, you realize that the weather app devs know your location, but the framework pings back to itself the location also. It also sends information including your unique phone id. (not necessarily the phone number, but the unique phone id.)
But you say, "thats ok, its only one app." Well, a thousand other apps also use the FCKTHS framework. They may not have location data but they send back your phone id along with any other information they want to grab from your phone. The SDK makers tie the unique ids together and all of a sudden, apps that do not know your location suddenly figure it out. And when the framework devs start selling your data, you realize why the SDKs are often free and how they afford to host and promote their SDK to every other developer under the sun.
To make matters worse, most apps don't use a single SDK, they use more like 2 dozen each. And no one cares about your privacy.
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 2) by Runaway1956 on Wednesday December 12 2018, @03:16AM
Someone should really expound on that concept. Fine-grained permissions, they say. Does the NSA respect those permissions? Does your telco? How about the manufacturer? Does Google respect those permissions?
Let's pretend for a moment that none of the above really matters. As you point out, there are tricks to get around a denial of permission. The only person who thinks your phone belongs to you, and to you alone, is the sucker who paid for the phone. No one else believes it.