3rd Party iOS Apps Tracking Location and Personal Data for Profit


[Image: GasBuddy, C25K 5K Trainer, and MyRadar NOAA Weather Radar, apps that are tracking users for profit]

Google’s not the only company tracking users for profit. Apple might not track their users the way Google does, but that doesn’t mean third parties aren’t behaving poorly. Google takes advantage of iOS users, and, just as they’re able to track users, so too can other third parties.

A report from GuardianApp, maker of a mobile VPN, showed that even seemingly innocent apps were selling private user information. Many have a legitimate reason to request your GPS data, but are using it in unintended ways. Your information will be sent off to third parties that will find ways to profit from your whereabouts and identity. They gather your GPS location, WiFi host name, Bluetooth beacons you pass, cellular network information, and more.

Third parties use this data to track you as an individual, and even to track where you are at all times. The apps tracking their users include local news apps, weather apps, and fitness apps.

However, you can protect yourself from invasive trackers in iOS, and it’ll only take a minute to set up.

GuardianApp’s Method

Full disclosure, this part’s a bit technical, but I’ll try to break it down without turning the entire article into an explanation of APIs, proxies, and decompiled apps.

GuardianApp went to great lengths to ensure their report was as accurate as possible. They used a proxy to monitor traffic leaving the phone for specific APIs, which is what most engineers would expect. This basically tells them what data is leaving the phone and where it’s going. Proxies like this are not difficult to set up, and most people in application development (myself included) have done just this to test specific features.

However, they also decompiled the apps, a tricky process that attempts to recreate the original source code from the app bundle. The code these processes create is sloppy, at best, but can give you an idea of how an app works. If a developer is hiding how they collect your data, this would reveal it. After sifting through this generated code, GuardianApp used static code analysis to track these changes through versions, ensuring that, once tagged, they could recognize these tracking tools throughout the codebase.

Long story short, GuardianApp made sure they could point the finger at particular apps, detailing what information they’re collecting and how they’re doing it.
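
As an added illustration (not GuardianApp’s tooling or code from the report), the Python below shows the kind of check a proxy capture makes possible: it walks requests exported in HAR format and reports which third-party hosts were sent GPS, WiFi, Bluetooth, or cellular fields. The key-name hints, the `audit` helper, and the `.example` hosts are assumptions, and the capture is constructed sample data.

```python
import json
import re
from urllib.parse import urlsplit

# Key-name hints (assumed, not taken from the report) for the data types the article lists.
HINTS = {
    "gps": {"lat", "lon", "lng", "latitude", "longitude"},
    "wifi": {"ssid", "bssid"},
    "bluetooth": {"beacon", "beacons", "bluetooth"},
    "cellular": {"mcc", "mnc", "carrier"},
}

def categories_for(key):
    """Tokenize snake/camel-case keys so that 'platform' does not match 'lat'."""
    tokens = set(re.split(r"[^a-z0-9]+", re.sub(r"(?<=[a-z])(?=[A-Z])", "_", key).lower()))
    return {cat for cat, hints in HINTS.items() if tokens & hints}

def keys_in(node):
    """Yield every object key found anywhere in a decoded JSON value."""
    if isinstance(node, dict):
        yield from node
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from keys_in(item)

def audit(har, first_party):
    """Map each third-party host to the location-related categories it was sent."""
    found = {}
    for req in (e["request"] for e in har["log"]["entries"]):
        host = urlsplit(req["url"]).hostname or ""
        if host == first_party or host.endswith("." + first_party):
            continue  # the app's own backend; the concern here is third parties
        keys = [q["name"] for q in req.get("queryString", [])]
        try:
            keys += keys_in(json.loads(req.get("postData", {}).get("text", "")))
        except ValueError:
            pass  # body is empty or not JSON (form data, binary, ...)
        for key in keys:
            found.setdefault(host, set()).update(categories_for(key))
    return {h: sorted(c) for h, c in found.items() if c}

# Constructed sample capture (HAR 1.2 field names); every host and value is made up.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://api.weatherapp.example/forecast", "postData": {"text": '{"latitude": 40.7}'}}},
    {"request": {"url": "https://collect.adsdk.example/batch?carrier=ExampleTel",
                 "queryString": [{"name": "carrier", "value": "ExampleTel"}],
                 "postData": {"text": '{"events": [{"lat": 40.7, "lng": -74.0, "wifiSSID": "home-wifi"}], "platform": "ios"}'}}},
    {"request": {"url": "https://img.cdn.example/upload", "postData": {"text": "not-json"}}},
]}}
```

Calling `audit(SAMPLE_HAR, "weatherapp.example")` skips the app’s own backend and the non-JSON upload, and reports only the ad SDK host.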

Apps Tracking Users

You likely want to know the 24 apps GuardianApp named and shamed, don’t you? While you can see more details on what these apps were doing in the report, here is the list of invasive apps. I’ve bolded the most well-known ones on the list:

  1. ASKfm
  2. C25K 5K Trainer
  3. Classifieds 2.0 Marketplace
  4. Code Scanner by ScanLife
  5. Coupon Sherpa
  6. GasBuddy
  7. Homes.com
  8. MobileTag
  9. Moco
  10. My Aura Forcast
  11. MyRadar NOAA Weather Radar
  12. NOAA Weather Radar
  13. PayByPhone Parking
  14. Perfect365
  15. Photobucket
  16. QuakeFeed Earthquake Alerts
  17. RoadTrippers
  18. ScoutLook Hunting
  19. SnipSnap Coupon App
  20. Tapatalk
  21. The Coupons App
  22. Tunity
  23. Weather Live
  24. YouMail: Voicemail Upgrade

Also listed: local news apps from Sinclair Broadcast Group (yes, that one), LIN Television Corporation, Tribune Broadcasting Company, Gray Television Group, Raycom Media, Tegna, Capitol Broadcasting, Charter, Fox Television, Graham Media Group, and others.

How to Protect Yourself

The first thing you should do is limit tracking on your iOS device. This will at least make your phone more difficult to track as an individual device, but may not prevent all tracking.

Go into Settings > Privacy. Then scroll down to Advertising. Select “Limit Ad Tracking.”

GuardianApp also recommends setting your WiFi name to something generic sounding, making yourself more difficult to track. Don’t use a family name or something unique; instead, consider a popular joke like “FBI Surveillance Van” or just “home-wifi.” This will make you less identifiable. They also recommend turning off Bluetooth when it’s not in use.

What About a VPN?

GuardianApp will be releasing a VPN soon. Of course, this is why they did this study. They’re hoping to raise awareness about an issue, third-party ad tracking, believing you will be more likely to buy their service to protect yourself from tracking as well as hackers.

The thing is, while this is a marketing ploy, they’re not wrong. A good VPN service can remove personally identifiable information, making you anonymous online. VPN stands for “Virtual Private Network.” Think of it like a pitstop for your data on ye ol’ information highway (sudo root 66?). Basically, your machine will encrypt your information, making it unreadable to an outside source. Then, it goes to the VPN servers. From there, identifying information can be removed, and then it’s sent off to its original destination. It’s a fantastic way to protect your identity online, prevent tracking, and block hackers.

Good Marketing

GuardianApp may be doing some marketing here, but this kind of invasive tracking is a real issue. Users should know that their apps, especially their free ones, may be tracking them. They should know that anonymous third parties they never realized they agreed to do business with (it’s hidden in the terms of service, by the way) are tracking them. Where you live, your commute, where you shop, your fitness statistics, your name, and more are being sold to companies for advertising purposes. You absolutely should protect yourself.

