Share:
How apps you use got hijacked into selling your location
Playing Candy Crush, swiping left on a dating app and checking your Yahoo inbox shouldn’t expose your location. I say shouldn’t, but those apps and thousands more were likely hijacked by data brokers who turned your personal info into cash.
Now, cybercriminals on the Dark Web have access to the location information of tens of millions of people. I’ll explain how this happened and share my secret weapon for fighting this kind of privacy invasion.
🔎 Whodunnit?
It all started with Gravy Analytics, a data broker that tracks over a billion devices worldwide. (They also own Venntel, which sells info to U.S. government agencies like the FBI and IRS.) A Russian hacker wormed into Gravy’s records, stealing 1.4 gigabytes of info.
▶️ That data includes over 30 million location points. 404 Media (paywall link) investigated the breach and found the shocking way they obtained your whereabouts.
This is clever (and super sketchy)
When you open a site or app, there’s a millisecond-long auction to decide the ads you see. The process is called real-time bidding (RTB), and it’s based on, among other things, all the data points they have about you and what you’re most likely to buy.
RTB collects enough information to make sure the right people are seeing an ad, and data brokers are in those auctions, too, with another purpose: To snag your info. The scummiest part is they don’t even need to buy any ads to do it.
The Gravy Analytics leak data shows thousands of apps gathered your location data. The working theory is they collected RTB data themselves or bought it from other data-broker companies.
Who’s on this list?
The list is long, and I’ll get to the specifics. Some apps, like Tinder, say they’ve never worked with Gravy Analytics. (I’ve heard that excuse before.) But if the info came from RTB, that’s in the advertising ecosystem, not the app’s code.
Really, that’s worse in some ways. This type of location tracking is happening through apps whether or not developers explicitly OK it. This includes:
- Dating apps: Tinder and Grindr
- Fitness and health apps: MyFitnessPal, Sleep Tracker: White Noise, and My Period Calendar & Tracker
- Games: Angry Birds, Candy Crush, Temple Run, Harry Potter: Puzzles & Spells, Injustice: Gods Among Us and The Sims FreePlay
- News and entertainment apps: AOL, BuzzFeed, Bloomberg, Daily Mail, Euronews, Fox News, Sky News, Times of India and Spotify
- Social media and communication apps: Tumblr, Microsoft 365 and Yahoo Mail
- Transportation apps: Flight Tracker+ and Moovit
I could go on, but the odds are you have at least one of those on your phone right now. I do. Switching off location sharing wouldn’t have worked, and it won’t change anything now, but there is one thing you can do: Wipe the unique advertiser ID tied to your profile.
🍎 On iPhone: Do this under Settings > Privacy & Security > Apple Advertising, and toggle off Personalized Ads.
🤖 On Android: Go to Settings > Privacy > Ads, and tap Delete Advertising ID.
Pro tip: These steps might be different on your phone. If you don’t see those exact words, search your settings app for “ads.”
That’s only part of the problem. If you really want to clean up what’s tied to your identity, you have to go to the source.
Tell data brokers goodbye
Gravy Analytics is one of the biggest, but there are thousands of apps and sites that exist solely to collect and sell your info. By law, they’re required to remove your data if you ask.
I’ve tried doing this myself over the years, and it’s an absolute pain. The process is long and annoying, and, before you know it, they add you back. That’s why I went looking for a better solution.
Incogni finds all the sketchy people-search and data-broker sites where your personal information is listed and submits requests to remove it on your behalf.
👉 Incogni has removed me from 981 sites and put me on 40 suppression lists so I stay off. All told, Incogni’s saved me an estimated 735 hours and 45 minutes. I bet it’s more. The process takes forever to do on your own.
✅ Ready to take back your privacy? I negotiated a 60% discount on Incogni just for you. If you don’t like the results, it comes with a 30-day money-back guarantee.
Tags: Apple, cybercriminals
Share:
