While you probably already know enabling location services for third-party apps might compromise your privacy, an investigative New York Times report details just how creepy and personal smartphone location data can be.
According to the Times, at least 75 companies get “anonymous” but extremely precise app location data from about 200 million smartphones in America. Some collect this data as frequently as 14,000 times a day. That information isn’t exactly surprising on its own — if you’re tech-savvy, you know enabling location data is sketchy and that some of it is probably used for advertising. But the scale and murkiness surrounding the location tracking industry is disconcerting, to say the least. In a couple of instances, the Times was able to track people within a few yards of their actual locations. Reporters also found that companies had access to location data from hospitals, homes, schools, and shops. To cite one particularly skeevy example, ad firms target campaigns for personal injury lawyers to people in emergency rooms.
The report notes that even though personal data sent to advertisers is anonymized and not tied to a phone number or unique identifier, the Times found it easy to figure out a person’s identity based on their specific daily routines — such as where you sleep each night, your morning commute, or even your frequent haunts.
Of 20 popular apps tested, the Times found that 17 apps sent exact coordinates to 70 businesses. It also noted that only three on iOS and one on Android prompted users that their data could be used for advertising. Some of the tested apps included WeatherBug, the Weather Channel, theScore, GasBuddy, DC Metro and Bus, Tube Map – London Underground, Perfect365, SnipSnap Coupon App, and Masha and the Bear: Free Animal Games for Kids.
Even if users enabled location services for benign purposes, like getting traffic updates, the reporters discovered that some apps didn’t clearly disclose the extent to which the collected data was used. For example, the Times found the Weather Channel app — the Weather Channel is owned by an IBM subsidiary — analysed collected user data for hedge funds, but the location prompt only stated users would get “personalised local weather data, alerts, and forecasts.” Furthermore, there are no federal laws specifically limiting how this type of location is used or collected, and lack of regulation means there’s no uniformity as to how customer data is protected.
While enabling location data does make apps more convenient, the Times report is a good reminder to periodically review which apps have permission to share your location. On iOS, you can go through settings, privacy, and finally location services. Once there, you can manually go through your apps and decide whether to allow location settings always, never, or only while using the app. On Android, you can go through settings, security & location, locations, and then app-level permissions. And you know, purging apps you don’t use anymore can’t hurt either.