If there's anything that social networks have taught us, it's that seemingly boring information about yourself can be packaged up and sold in bulk to the highest bidder. This data is then used to create profiles of us that allow advertisers to more accurately market toward their target audience. Ideally, the end user is made aware of this arrangement and is given the ability to opt out.
But other times, the app in question may not be playing by the rules. And the gathered data, free of its legal moorings, may be used for ill intent.
In the wake of the allegations leveled against Adware Doctor over the weekend, Cybersecurity firm Sudo Security reported today that dozens of apps on iOS are secretly recording your GPS location and movements and selling this data for profit.
It's not the most sensitive personal info to be taken without consent and sold to strangers, but Sudo claims that some of these apps are tracking you around the clock, even when they're closed. So if for no other reason, you may want to uninstall these apps to preserve some battery life.
The firm identified 24 apps that it said were misbehaving, pointing out that these are just examples of a larger group. Sudo did not identify in its report who else may be involved, but the examples run the gamut from transportation to weather to shopping to real estate.
Normally, when a report like this emerges, there is a common theme among the apps, but these are unsettlingly varied, indicating that the total headcount may be much larger. They are as follows:
- C25K 5K Trainer
- Classifieds 2.0 Marketplace
- Code Scanner by ScanLife
- Coupon Sherpa
- My Aurora Forecast
- MyRadar NOAA Weather Radar
- NOAA Weather Radar
- PayByPhone Parking
- QuakeFeed Earthquake Alerts
- ScoutLook Hunting
- SnipSnap Coupon App
- The Coupons App
- Weather Live - Local Forecast
- YouMail: Voicemail Upgrade
You probably see some familiar names on this list. It's not the usual band of rogues with sketchy descriptions in broken English. Some of these have been around for quite some time. The GasBuddy app came out in 2010, and the company was founded ten years before that. We should note, however, that Tapatalk used to have non-consensual tracking, but Sudo reports that this was apparently removed in an update earlier this year.
Still, both GasBuddy and Tapatalk have been popular tools over the years, so it would be disappointing to find that they were collecting and selling your location data behind your back. Granted, it can be tough to make it in a market where literally thousands of new apps are being added to the app stores every day, but it's hard to justify mass espionage.
Additionally, Sudo identified many of the companies collecting the data from these apps. We've reproduced its list below:
- Mobiquity Networks
- Sense 360
- Wireless Registry
If you encounter these company names in association with an app that you're using, you may want to consider an alternative.
FOLLOW Download.com on Twitter for all the latest app news.
How to reduce location data exposure
Sudo recommends that you enable limited ad tracking in iOS, which you can do by opening the Settings app, tapping on Privacy, scrolling down, tapping on Advertising, and tapping the slider next to Limit Ad Tracking. You may also want to tap on Reset Advertising Identifier just below.
Additionally, Sudo says that you should even change the name of your local Wi-Fi network to something generic, to give questionable apps fewer unique personal identifiers. And you should also disable Bluetooth when not in use.
One thing not mentioned by Sudo that's worth doing is a quick review of your Location Services settings. Open the Settings app, tap on Privacy, then tap on Location Services to see how your apps are set up to gather this data. Pretty much every app will have two settings: "Never" and "While Using."
If there are no choices next to the name of an app, then it doesn't ask for location data. If there's a tiny gray or purple arrow next to your choices, that means that this app recently requested that data. If the purple arrow is hollow, that means that you've given the app permission to request your location under certain conditions.
As a rule, an app should not need to be tracking your location when you're not actively using it, so we'd recommend "While Using" rather than letting the app use its default setting, which may be to track you around-the-clock, openly or otherwise.
If you set an app to "Never," it can't collect your GPS data. Keep in mind, though, that disabling location tracking may break app functionality. YouTube TV, for example (not cited by Sudo as a suspicious app), needs to know where you are because its live TV streaming is limited to certain regions of the country. But your weather app doesn't really need that, because you can just punch in ZIP codes to get this info.
Even if you can lock down a suspect app by disabling its GPS data collection, it may be doing other things that you don't know about yet, so you're probably better off uninstalling such an app, rather than trying to corral it.
According to Sudo, "[N]early 100 regional/local news apps have been confirmed to previously include code from RevealMobile in their apps." In our view, you're probably better off with one of the major international news apps that have a section for local stories, like Google News or SmartNews.
SmartNews has a section containing 47 major cities that you can get local news for, from Atlanta to San Francisco to Washington, D.C. Just open the app, swipe right to the Discover tab, scroll down to the Local section, and tap on Show All to see the list. Tap on your city of choice, then tap on Add button in the upper right to create a new tab dedicated to that area.
- Cybersecurity firm Sudo Security Group reports that dozens of iOS apps are secretly collecting your GPS location data and selling it. Sudo identified a sampling of the apps and the companies that buy the data.
- There are several steps you can take to reduce your privacy exposure, such as limiting ad tracking at the operating system level.
- Dashlane's new Inbox Security Scan can check your emails for malware
- Android malware Sonvpay secretly charges you premium text message fees
- Fortnite malware aimed at cheaters infects tens of thousands of devices
- Fortnite's battle royale with Android security problems is just getting started (CNET)
- Schneider Electric may have shipped USB drives infested with malware (ZDNet)
- How AI-powered malware uses facial recognition technology (TechRepublic)