Numerous popular iPhone apps are sending the location data of millions of mobile devices to third-party monetization firms. The report comes in the wake of an earlier report that Mac App Store apps are improperly harvesting and sending users’ personal information back to developers.
A group of security researchers say dozens of popular iPhone apps are quietly sharing the location data of “tens of millions of mobile devices” with third-party data monetization firms.
Almost all require access to a user’s location data to work properly, like weather and fitness apps, but share that data often as a way to generate revenue for free-to-download apps.
A report from security researchers at the GuardianApp project say in many cases the apps send precise locations and other sensitive data “at all times, constantly,” and often with “little to no mention” that the data will be shared with third-parties.
“I believe people should be able to use any app they wish on their phone without fear that granting access to sensitive data may mean that this data will be quietly sent off to some entity who they do not know and do not have any desire to do business with,” said Will Strafach, one of the researchers.
The apps are made up of fitness, news, and weather apps, which rightly require access to location data to work correctly. However, the apps are also sharing the data to make money for their developers.
GuardianApp researchers used tools to monitor network traffic to detect apps collecting of Bluetooth, GPS, Wi-Fi SSIDs, accelerometer information, and much more.
Although the apps say they don’t send personally identifiable information in the collection of data, the GPS coordinates collected could be used to locate a user’s home or work location.
Apps collecting the data and sending it to monetization firms include NOAA Weather Radar, Homes.com, GasBuddy, Photobucket, and many more. A a full list available on the GuardianApp site.
GuardianApp suggests users that do not wish to share their data with monetization firms do the following:
- Go to Settings > Privacy > Advertising and turn on Limit Ad Tracking in order to make uniquely identification of your iOS device more difficult for location trackers.
- Press “Don’t Allow” if a Location Services permission dialog contains “See privacy policy” or similar text.
- Use a very generic name for the SSID of your home Wi-Fi router (eg. “home-wifi-1”).
- Turn off Bluetooth functionality when it is not in use.