NYT Investigation Reveals How Easily Smartphone Location Data Can Be Used to Identify and Track Individuals

[MacRumors]

The New York Times today claimed that it has obtained a file with the precise location of over 12 million smartphones over a period of several months in 2016 and 2017. While this data is technically anonymized, the report details how easy it is to associate specific data points with specific individuals.

With the help of publicly available information, like home addresses, The New York Times said it easily identified and then tracked military officials, law enforcement officers, lawyers, tech employees, and others:

In one case, we observed a change in the regular movements of a Microsoft engineer. He made a visit one Tuesday afternoon to the main Seattle campus of a Microsoft competitor, Amazon. The following month, he started a new job at Amazon. It took minutes to identify him as Ben Broili, a manager now for Amazon Prime Air, a drone delivery service.

The report explains that location data is collected from third-party smartphone apps that have integrated SDKs from location data companies like Gimbal, NinthDecimal, Reveal Mobile, Skyhook, PlaceIQ, and others, adding that it is currently legal to collect and sell all this information in the United States.

Apple continues to take steps to protect the privacy of its users. In iOS 13, for example, there is no more "always allow" option when third-party apps request to access your location. If a user wants to grant an app continuous access to location data, they must do so in Settings > Privacy > Location Services.

Apple also requires that apps provide users with a detailed explanation as to how location data is being used when prompted.

iPhone users who are concerned about their privacy can better protect themselves by navigating to Settings > Privacy > Location Services and disabling access to location data for unessential apps, or choosing the "while using the app" option at a minimum. We also recommend reviewing the privacy policies of apps.

A spokesperson said Apple had no comment on The New York Times report when contacted by MacRumors.

Article Link: NYT Investigation Reveals How Easily Smartphone Location Data Can Be Used to Identify and Track Individuals

 

[boswald]

I’ll just stick with default Apple apps from now on then.

 

[justperry]

Tracking individuals should be forbidden, actually, all data collected by any company should be anonymised.
Better yet*, don't collect any data on individuals.

*For commercial reasons.

 

[itsmilo]

As long as all these spying SDKs are allowed by Apple, they can suck it with their „we value your privacy“ PR talk

 

[Doctor Q]

Does "while using the app" include when the app is in the background? Most people don't close their apps.

 

[appleguy123]

It should be part of the developer agreement that the selling of personably identifiable data(with a realistic definition, location data is personally identifiable by its very nature) to a third party is not permissible.

I’m also squeamish about the collection of location data by the apps themselves, but at least I can evaluate a company’s perceived trustworthiness before I give them location permissions.

 

[V_Man]

Ok. Whatever. Everyone is tracked nowadays. Big surprise. Apple tracks our location too. To believe otherwise is naive

 

[justperry]

Does "while using the app" include when the app is in the background? Most people don't close their apps.

Using it exactly what is said, you are interacting with the App, when in background you are not using it.

 

[mannyvel]

I know a company that tracks every person in the developed world, and can map all of your devices back to your physical address. The NYT stuff is dog sh*t compared to their data.

 

[jakebrosy]

That might not work out so great.

From Apple’s Website:

The weather data used in the Weather app comes from The Weather Channel.

From the NYT today:

The Weather Channel app’s parent company, for example, analyzed users’ location data for hedge funds, according to a lawsuit filed in Los Angeles this year that was triggered by Times reporting.

What else did they do with it?

I’ll just stick with default Apple apps from now on then.

[automerge]1576777755[/automerge]
Read this:

https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-privacy-tips.html

Does "while using the app" include when the app is in the background? Most people don't close their apps.

 

[Toratek]

The irony is that there are multiple trackers right here on MacRumors that do the exact same thing... I have at least six of them blocked at this very moment.

If you aren't using something like PrivacyPro and a VPN at all times, and multiple layers of device masking, plenty of people can figure out where you are at any given time.

Except Apple...which encrypts the information in both directions, and who can't look at your data.

 

[MadDawg2020]

Problem 1. You chose to download an app from Google -or- an app that uses Google services.
Problem 2. You willingly gave Google your personal information.
Problem 3. You willingly agreed to Google TOS and allowed Google full access to all of your device data.

Solution.
Step 1. Delete anything by Google. Delete all Google accounts, Delete all Google apps.
Step 2 . No step 2 needed, Step 1 solves the above problems every time.

Note this Solution also works for anything by Facebook, Twitter or any other social media.

 

[diogenis]

Apple must install a general "privacy" switch, unreachable by anyone and that it will allow to transmit or not sensitive data, regardless of which app is running. We also need decent logs where and how sensitive data are used

 

[Rigby]

Tracking individuals should be forbidden, actually, all data collected by any company should be anonymised.
Better yet*, don't collect any data on individuals.

*For commercial reasons.

One of the points made in the article is that anonymizing precise location data is basically impossible.
[automerge]1576780013[/automerge]

Solution.
Step 1. Delete anything by Google. Delete all Google accounts, Delete all Google apps.
Step 2 . No step 2 needed, Step 1 solves the above problems every time.

Note this Solution also works for anything by Facebook, Twitter or any other social media.

Google at least gives you the ability to view and delete the location data they collect. I think SDKs that are embedded in all kinds of apps today are much more dangerous, since there is zero transparency about where the data ends up, and no way to view it or get it deleted.

 

[The_Martini_Cat]

There's a guy (you know it's a guy!) who parks his yellow 1956 Chevy Bel Air station wagon in his yard (and yes the registration is current). Looking at it in Apple Maps, sure enough, there it is. Looking at it in Google Maps, it's not too hard to back in time and see that car parked in the same yard, for at least the past 12 years. He may think he's relatively anonymous, living there at the corner of 83rd and Truxton, but ... he's not. The question is not whether Google is tracking you or not. The question is, do you want the convenience of looking up just about anything on the internet? I have location services turned off on my phone and my apps ... except when I want to point the phone camera at the sky and have it say "Airbus 880X, Seoul to SFO". Convenient!

 

[rgbrock1]

The irony is that there are multiple trackers right here on MacRumors that do the exact same thing... I have at least six of them blocked at this very moment.

If you aren't using something like PrivacyPro and a VPN at all times, and multiple layers of device masking, plenty of people can figure out where you are at any given time.

Except Apple...which encrypts the information in both directions, and who can't look at your data.

According to Ghostery, there are 6 trackers on this site. (All of whom I have blocked via that indispensable browser extension)
[automerge]1576780637[/automerge]

Problem 1. You chose to download an app from Google -or- an app that uses Google services.
Problem 2. You willingly gave Google your personal information.
Problem 3. You willingly agreed to Google TOS and allowed Google full access to all of your device data.

Solution.
Step 1. Delete anything by Google. Delete all Google accounts, Delete all Google apps.
Step 2 . No step 2 needed, Step 1 solves the above problems every time.

Note this Solution also works for anything by Facebook, Twitter or any other social media.

You do realize that, unless blocked, Google is tracking you on this very web site?

 

[centauratlas]

The other issues are at least these:
1. The carriers are tracking in addition to the tracking via API. The carriers can't be as specific by with 5G it will greatly improve (for them).
2. SS7 (Signalling system 7) has a huge backdoor because it is essentially trustless. As scammer can query SS7 to request location for a device and it is returned. It can do other things too, intercept text messages etc. It can be done from anywhere, and done without Apple or anyone else's APIs, it can be done continually and so far there isn't a fix for it.

 

[spacemnspiff]

Thank you 'Advertising Business Model', we are the raw material used to make the product that sells us to advertisers.

As Larry Page himself once said when asked “What is Google?”: “If we did have a category, it would be personal information … the places you’ve seen. Communications … Sensors are really cheap … Storage is cheap. Cameras are cheap. People will generate enormous amounts of data … Everything you’ve ever heard or seen or experienced will become searchable. Your whole life will be searchable.”

 

[nostresshere]

Looks like I need to shutdown my meth and fake money courier corporation. All my neighbors will now be in the unemployment lines.

 

[Bandaman]

I’ll just stick with default Apple apps from now on then.

That's what I've done. I don't use anything Google anymore after reading about these shenanigans: https://www.forbes.com/sites/thomas...smartphones-in-unprecedented-geofence-search/

 

[zinacef]

That's what I've done. I don't use anything Google anymore after reading about these shenanigans: https://www.forbes.com/sites/thomas...smartphones-in-unprecedented-geofence-search/

Same here!

 

[arkhanjel]

Look I get it no one should be tracked and all their data location or otherwise should be private unless you give it up yourself. That's a given. But, the balls on news sites and sites like this that write stories and call out privacy and tracking issues. They are the some of the biggest culprits of them all. Tracking location, clicks on pages, how long you're on the page. It's all BS and when you do this comparison they are always like oh well we don't use it in a bad way...

 

[robbysibrahim]

I don't mind having certain apps lay down my tracks wherever I go. Google Maps Timeline for example. Nice little supplement to my journal of where I was at a specific time.

 

[StevieD100]

Problem 1. You chose to download an app from Google -or- an app that uses Google services.
Problem 2. You willingly gave Google your personal information.
Problem 3. You willingly agreed to Google TOS and allowed Google full access to all of your device data.

Solution.
Step 1. Delete anything by Google. Delete all Google accounts, Delete all Google apps.
Step 2 . No step 2 needed, Step 1 solves the above problems every time.

Note this Solution also works for anything by Facebook, Twitter or any other social media.

Then block all several thousand IP addresses and domains that they use to track you. If you do it at your home router then you can be a social media free zone. All those hidden 1 pixel images that point to trackers that they have in the code of those webpages will give them no data at all.
Don't use Google as a search engine. Go via sites like Startpage or DuckDuckGo (and a VPN).

This is a never ending war. Keep vigilant.

 

[H2SO4]

Tracking individuals should be forbidden, actually, all data collected by any company should be anonymised.
Better yet*, don't collect any data on individuals.

*For commercial reasons.

No it shouldn't. It should be very plainly stated that it happens and an opt out by default.
[automerge]1576786186[/automerge]

Problem 1. You chose to download an app from Google -or- an app that uses Google services.
Problem 2. You willingly gave Google your personal information.
Problem 3. You willingly agreed to Google TOS and allowed Google full access to all of your device data.

Solution.
Step 1. Delete anything by Google. Delete all Google accounts, Delete all Google apps.
Step 2 . No step 2 needed, Step 1 solves the above problems every time.

Note this Solution also works for anything by Facebook, Twitter or any other social media.

Let me know if there is any space left on that bandwagon. Plenty here would love to join you.