Your favorite iPhone apps are trading your location info for cash, according to a new report.
Rogue app developers have been slammed for allegedly selling real-world data about where you are, or where you’ve been.
Security researchers found more than two dozen apps that may be flogging your data onto outsider firms.
These third-party companies pay the app creators for information about your location, raising privacy concerns.
they “discovered that a growing number of iOS apps have been used to covertly collect precise location histories from tens of millions of mobile devices”.
The team added: “In many cases, the packaged tracking code may run at all times, constantly sending user GPS coordinates and other information.”
Lots of smartphone apps collect information about your location.
For instance, apps like Google Maps wouldn’t work correctly without knowing where you are.
And other apps – like TripAdvisor – don’t necessarily need your location, but can offer a better experience (like finding restaurants near you) by tracking where you are.
But security researchers say some developers are using your location to make a profit, rather than to simply improve their apps.
iOS apps accused of tracking your location data
These apps are allegedly selling your location info:
- C25K 5K Trainer
- Classifieds 2.0 Marketplace
- Code Scanner by ScanLife
- Coupon Sherpa
- My Aurora Forecast
- MyRadar NOAA Weather Radar
- NOAA Weather Radar
- PayByPhone Parking
- QuakeFeed Earthquake Alerts
- ScoutLook Hunting
- SnipSnap Coupon App
- The Coupons App
- Weather Live – Local Forecast
- YouMail Voicemail Upgrade
So how did the researchers discover these potentially problematic dealings?
When an app wants to sell your data to a data-harvesting company, the easiest way to do it is through an automatic process.
It involves simply taking a chunk of computer code from the “data monetization” firms, and then sticking it in the app.
That way, the app can simply scoop up data and flog it on with minimal effort.
Researchers dug into a number of apps in search of these chunks of code, making it possible to identify who may be selling your data on.
According to the report, all of these apps were selling one or more of the following types of data:
- Bluetooth LE Beacon Data – information about which real-world Bluetooth beacons you connect to
- GPS Longitude and Latitude – giving a precise pinpoint of your location
- Wi-Fi SSD and BSSID – showing your name and address of your current Wi-Fi network
This is very sensitive data, but that’s not all that was being scooped up.
The report says less sensitive info was also being nabbed, including info from your accelerometer (revealing the angle and position of your device), battery charge percentage, cellular network name, GPS altitude and speed, and time-stamps for your departure from and arrival at locations.
All 24 apps named in the report contained code from known location data monetisation firms. These firms are named as:
- Mobiquity Networks
- Sense 360
- Wireless Registrey
It’s worth noting some of the apps named in this report may no longer feature the allegedly rogue data-sale code.
How to turn iPhone location tracking off
Here are some tips to protect your location…
- Go into the Settings app then tap on Privacy
- Then go to Location Services then System Services (at the bottom of the list)
- From here you can turn off a host of different location tracking systems
- You can also turn Location Services off entirely to shutter any transmissions
- It’s also recommended to go into Settings, then Privacy, Then Advertising and turn on Limited Ad Tracking
- This makes it more difficult for advertisers to track you across the internet
We’ve asked Apple for comment and will update this story with any response.
In any case, Apple has been making significant efforts to prevent this kind of thing from happening.
The App Store policy strictly forbids developers from passing your location data onto third parties without you explicitly consenting to it.