See attachments
Your Smartphone: Big Brother’s Best Friend
Every minute of every day, all over the world, dozens of companies are tracking the precise locations of tens of millions of people with mobile phones and storing the data in gigantic data repositories. One of those being tracked could be you. Anyone who has accessed these data can see whom you’ve met, where you spent the night, where you pray, or whether you visited a psychiatrist’s office or massage parlor.
Google Maps, with over one billion users, is perhaps the most popular location-based app in the world. Most of its users are having their locations tracked. Google, Facebook, and other large tech companies are more likely to keep the location data they collect for internal use. But many smaller companies, such as Reveal Mobile, operating behind the scenes in mobile apps, also collect location data from your phone’s sensors, with your knowing or unknowing consent.
The location data have many uses, such as providing maps and driving directions, facilitating payments, analyzing urban traffic patterns, and identifying where Americans have—and haven’t—been practicing social distancing during the coronavirus pandemic. However, location data are often sent to marketing companies to create targeted advertising. Once companies have legally obtained location data, there are few legal restrictions on what they can do with them, including selling the data for profit. Every app is potentially transmitting data to five or ten other apps. Your data are being combined with other data to learn more about you. It’s difficult to know which apps are sharing and profiting from peoples’ location data.
How is this allowed to go on? When downloading an app, a mobile phone user “consented,” by clicking on an “I agree” screen to the terms of service in order to use the app. Downloading the app and agreeing to terms of service are potentially allowing the user’s sensitive information to be exposed to ad networks, data brokers, and other technology companies. There are some location-using apps that do so with clear disclosures, but many don’t. Some companies even collect the data for one purpose while using it for another.
© James Heyworth/123RF
By law, location-tracking companies are only required to describe theirpractices in their privacy policies, which tend to be dense legal documents that are very difficult for the average person to understand. If a private company is legally collecting location data, it is free to distribute or share the data however it wants. Location-tracking companies assert that the location data they work with are anonymous, but comprehensive records of time and place are still able to identify real people.
It is often nearly impossible to know which companies receive your location information and what they do with it. Since collection of location data is largely unregulated, some of these companies can legally obtain access to phone location sensors and then buy and sell the information. Smaller location-tracking companies are able to insert their tracking programs into established apps from larger app developers using software development kits (SDKs), small programs that can be used to build features within an app, including location-tracking capabilities. SDKs are embedded in thousands of apps. The categories of app most commonly working with SDKs include travel, entertainment, maps and navigation, social networking, shopping, games, and sports.
In a New York Times Opinion test, the music app iHeartRadio asked users to allow location services “to get your favorite DJ.” The iHeart app then sent the precise geolocation of the user’s phone to the data company Cuebiq for analysis such as measuring whether people visited a store after seeing an online ad. iHeartRadio stated its use of location data complies with “all applicable laws” and that its privacy policy includes “fulsome disclosure around location use.” iHeartRadio revised the consent screen for a later version of the app that includes more details.
