Apps Spy on You – Emails obtained by BuzzFeed News reveal how app developers are lured by marketing firms to sell your data…..
Your devices are tracking you all the time. You just don’t know it yet!
When you consent to sharing your data with many popular apps, you’re also allowing app developers to collect your data and sell it to third parties through trackers that supply advertisers with detailed information about where you live, work, and shop.
In November 2017, Yale Privacy Lab detected trackers in over 75% of the 300 Android apps it analyzed. A March 2018 study of 160,000 free Android apps found that more than 55% of trackers tried to spy on you by extract user location, while 30% accessed the device’s contact list. And a 2015 analysis of 110 popular free mobile apps revealed that 47% of iOS apps shared geo-coordinates and other location data with third parties, and personally identifiable information, like names of users (provided by 18% of iOS apps), was also provided.
While the presence of trackers doesn’t necessarily mean developers are breaking the rules, emails obtained by BuzzFeed News show how data marketing firms convince developers to include trackers in their apps: cash.
“Most third-party services operate in the background and do not provide any visual cues inside the apps, effectively tracking users without their knowledge or consent while remaining virtually invisible,” wrote researchers in a February 2018 study. Meanwhile, the collected data is virtually untraceable as it is passed from data broker to marketers to others.
In emailed statements to BuzzFeed News, an Apple spokesperson wrote that “immediate action” is taken on policy violators, while a Google representative said, “We have policies that disallow apps in Google Play that are deceptive or misuse personal data, and we remove apps that violate our policies.”
But it’s easy for developers to evade detection. Trackers are tucked away in the app’s codebase, and developers can share user data outside of their apps by uploading it to a server.
Here’s how location tracking works: Marketing companies offer app developers cash in exchange for implementing a few lines of code — called an SDK or “software development kit” — into their apps. The SDK spy on you by sucking up all the user data that the app has access to, and the developer gets a check every month in return. Marketers use the location data to target advertising campaigns based on where you are (a coupon for donuts when you’re next to a donut shop, for example) and to measure whether an online ad drove you to visit a retail location. The goal is to understand your habits and ultimately, get you to buy something.
Because data collection for the purposes of advertising is either disclosed in long-winded privacy policies or not at all, it’s difficult to tell which apps have trackers and which don’t.
Nearly all types of apps include trackers. Major companies whose businesses are built on advertising-based revenue — like Facebook and Facebook-owned Instagram, as well as Google’s suite of apps including Gmail and YouTube — collect a wealth of detailed user information. But because Facebook and Google run their own advertising ecosystems, not sharing their user data protects their competitive advantage. But smaller companies do have financial incentive to share data with third parties.
A March 2017 email obtained by BuzzFeed News from Teemo, a Paris-based marketing company, reveals how developers are approached with pay-for-data schemes. In it, a Teemo employee laid out a “pure data play”: Developers place Teemo’s SDK into their app and Teemo pays $4 per thousand users per month. ”You have 1 million [monthly active users] > 4000 USD,” the email says. “Straight to your pockets.”