Some iPhone apps handing precise location data to as many as 40 businesses
Despite Apple's strict controls on privacy, a number of iOS apps are not only tracking precise location information on anonymized users but sharing it with third-party businesses -- sometimes dozens of them, a report revealed on Monday.
A particular problem was WeatherBug, which was found to be sharing exact latitude and longitude to 40 companies, the New York Times said. In its broader investigation the paper tested 20 iOS and Android apps, the majority of which had already been tagged by researchers and industry sources as potentially sharing location data. 17, including WeatherBug, were found to be sharing users' precise locations to about 70 businesses in all.
Apple requires data passed to advertisers and app developers be anonymized -- stripped of names and other identifiers -- in order to protect individuals. But, entities that collect location data can potentially infer who someone is based on context. The Times gave the example of a layperson who cooperated in the investigation, math teacher Lisa Magrin, the only subject who travels from her home to her middle school by one particular route each day.
Advertisers and researchers may not care about being that granular, but are often eager to know what communities, services, and products people are interested in. Developers in turn may be willing to sell that data as an alternative to putting pricetags on their apps.
Another implicated app was theScore, which was discovered sharing data to 16 advertising and location firms. The Times noted that like some of the other investigated apps theScore's developer was misleading, telling users only that granting location permissions would "recommend local teams and players that are relevant to you."
Similarly The Weather Channel, the most popular weather title on the App Store, tells people that sharing location information is meant for personalized forecasts. For a time however that data was also being analyzed for hedge funds by the IBM subsidiary that owns the app, the Weather Company.
The analysis was being done as part of a pilot program that has since ended. Until the Times talked to IBM though, the app's privacy policy didn't mention that the Weather Company might share aggregated location data for commercial purposes.
Today's report is likely to spur action by Apple, which -- except in China -- has made privacy a tentpole of user privacy, even getting into conflicts with the U.S. and Indian governments. CEO Tim Cook has suggested that U.S. privacy legislation is "inevitable," and lauded the European Union's General Data Protection Regulation.
A particular problem was WeatherBug, which was found to be sharing exact latitude and longitude to 40 companies, the New York Times said. In its broader investigation the paper tested 20 iOS and Android apps, the majority of which had already been tagged by researchers and industry sources as potentially sharing location data. 17, including WeatherBug, were found to be sharing users' precise locations to about 70 businesses in all.
Apple requires data passed to advertisers and app developers be anonymized -- stripped of names and other identifiers -- in order to protect individuals. But, entities that collect location data can potentially infer who someone is based on context. The Times gave the example of a layperson who cooperated in the investigation, math teacher Lisa Magrin, the only subject who travels from her home to her middle school by one particular route each day.
Advertisers and researchers may not care about being that granular, but are often eager to know what communities, services, and products people are interested in. Developers in turn may be willing to sell that data as an alternative to putting pricetags on their apps.
Another implicated app was theScore, which was discovered sharing data to 16 advertising and location firms. The Times noted that like some of the other investigated apps theScore's developer was misleading, telling users only that granting location permissions would "recommend local teams and players that are relevant to you."
Similarly The Weather Channel, the most popular weather title on the App Store, tells people that sharing location information is meant for personalized forecasts. For a time however that data was also being analyzed for hedge funds by the IBM subsidiary that owns the app, the Weather Company.
The analysis was being done as part of a pilot program that has since ended. Until the Times talked to IBM though, the app's privacy policy didn't mention that the Weather Company might share aggregated location data for commercial purposes.
Today's report is likely to spur action by Apple, which -- except in China -- has made privacy a tentpole of user privacy, even getting into conflicts with the U.S. and Indian governments. CEO Tim Cook has suggested that U.S. privacy legislation is "inevitable," and lauded the European Union's General Data Protection Regulation.
Comments
As noted tho perhaps they're using some other way such as IP or wifi maps.
You can already turn access on or off on a per app basis.
None of that fixes the issue at hand: app vendors passing on the data. You want to give location access to an app that provides the local weather, but you want that information used only for pulling the appropriate weather data, not to let third parties track you just because the weather app vendor thought that’s a lucrative side business.
No apps should have access to user contacts either. Should be off limits to apps. There’s no way there should be an iOS OS-level feature where a user can share the private details of everyone they know with a simple “Ok” on their screen. I’d much rather devs have access to my location than my entire contact book—it’s insane. And sacrosanct.
I don't think it always help. I'm pretty sure some apps refresh in the background and use your IP address to determine your location. Combine that with internet tracking (cookies) and it becomes pretty hard to stay anonym as soon as you use Internet connected devices. VPN and incognito mode might help a Little.
https://mashable.com/article/google-location-history-tracking/#t.N.IrwCD5qn
Essentially, I assumed that ANY app that provided unlimited location services to (whether the app was open of not) was selling my location. Maybe it would be better to force them to clearly describe in language easily understood exactly what they are sharing and to whom -- and to update the user if it changes.
WeatherBug is one of my most heavily used apps and I would miss it greatly.
I actually kind of liked the TheWeatherChannel better, but it doesn't run well on my 6+, so I stick with WeatherBug.
There are a number of options.