iPhones Harvest And Transmit Massive Amounts Of Data While You Sleep
iPhones are surprisingly active in the middle of the night, according to a report by Washington Post Technology writer, Geoffrey Fowler.
Fowler tracked his iPhone’s activity recently, finding that dozens of companies were receiving information at all hours.
On a recent Monday night, a dozen marketing companies, research firms and other personal data guzzlers got reports from my iPhone. At 11:43 p.m., a company called Amplitude learned my phone number, email and exact location. At 3:58 a.m., another called Appboy got a digital fingerprint of my phone. At 6:25 a.m., a tracker called Demdex received a way to identify my phone and sent back a list of other trackers to pair up with.
And all night long, there was some startling behavior by a household name: Yelp. It was receiving a message that included my IP address -— once every five minutes. –WaPo
Also not lost on Fowler was the irony of a January Apple advertisement which claimed “What happens on your iPhone stays on your iPhone.”
With the help of privacy firm Disconnect, Fowler encountered over 5,400 trackers in just one week – mostly within apps, that send his information to third party companies. Over the course of a month, the unwanted trackers were on track to upload 1.5 gigabytes of data.
“This is your data. Why should it even leave your phone? Why should it be collected by someone when you don’t know what they’re going to do with it?” said former NSA researcher Patrick Jackson who is currently Disconnect’s chief technology officer. Jackson used special software to analyze Fowler’s iPhone.
“I know the value of data, and I don’t want mine in any hands where it doesn’t need to be,” he said.
In a world of data brokers, Jackson is the data breaker. He developed an app called Privacy Pro that identifies and blocks many trackers. If you’re a little bit techie, I recommend trying the free iOS version to glimpse the secret life of your iPhone.
Yes, trackers are a problem on phones running Google’s Android, too. Google won’t even let Disconnect’s tracker-protection software into its Play Store. (Google’s rules prohibit apps that might interfere with another app displaying ads.)
Part of Jackson’s objection to trackers is that many feed the personal data economy, used to target us for marketing and political messaging. Facebook’s fiascos have made us all more aware of how our data can be passed along, stolen and misused — but Cambridge Analytica was just the beginning.
Jackson’s biggest concern is transparency: If we don’t know where our data is going, how can we ever hope to keep it private? –WaPo
App Trackers are akin to the cookies used on websites that monitor and report your activity around the internet. In apps, however, there’s virtually no notice that this is happening, and they’re difficult to block.
So why do the trackers activate in the middle of the night? Some appmakers set them to harvest data whenever the phone is plugged in, or they think it won’t interfere with other functions. According to Fowler, “These late-night encounters happen on the iPhone if you have allowed “background app refresh,” which is Apple’s default.”
In the case of Yelp, the company said their app’s behavior wasn’t actually a tracker, rather, an “unintended issue” that’s been mimicking a tracker. According to the company, Fowler’s discovery only affects 1% of its iOS users, especially those who have made reservations through Apple Maps. “At best, it is shoddy software that sent Yelp data it didn’t need. At worst, Yelp was amassing a data trove that could be used to map people’s travels, even when they weren’t using its app,” notes Fowler.
Popular food delivery app DoorDash is another harvesting offender – which uses a tracker called Sift Science to get a ‘fingerprint’ of your phone – including device name, model, ad identifier and memory size, as well as an accelerometer motion reading to help identify fraud (so they say). Three other trackers used by DoorDash monitor the app’s performance, including one called Segment which routes data such as the delivery address, name, email and cell carrier of the phone’s owner.
DoorDash’s other five trackers, including Facebook and Google Ad Services, help it understand the effectiveness of its marketing. Their presence means Facebook and Google know every time you open DoorDash.
All but one of DoorDash’s nine trackers made Jackson’s naughty list for Disconnect, which also powers the Firefox browser’s private browsing mode. To him, any third party that collects and retains our data is suspect unless it also has pro-consumer privacy policies like limiting data retention time and anonymizing data. –WaPo
It was only after Citizen was contacted about this that they removed the Amplitude tracker.
What does Apple have to say about all of this?
Fowler was disappointed at the orgy of data harvesting happening at all hours, and asked “isn’t Apple supposed to be better at privacy?”
“At Apple we do a great deal to help users keep their data private,” Apple said in a statement. “Apple hardware and software are designed to provide advanced security and privacy at every level of the system.”
“For the data and services that apps create on their own, our App Store Guidelines require developers to have clearly posted privacy policies and to ask users for permission to collect data before doing so. When we learn that apps have not followed our Guidelines in these areas, we either make apps change their practice or keep those apps from being on the store,” said Apple.
Except that Fowler found that very few apps using third-party trackers were actually disclosing the names of those companies, or how they protect his data.
Getting more deeply involved in app data practices is complicated for Apple. Today’s technology frequently is built on third-party services, so Apple couldn’t simply ban all connections to outside servers. And some companies are so big they don’t even need the help of outsiders to track us.
The result shouldn’t be to increase Apple’s power. “I would like to make sure they’re not stifling innovation,” says Andrés Arrieta, the director of consumer privacy engineering at the Electronic Frontier Foundation. If Apple becomes the Internet’s privacy police, it could shut down rivals. –WaPo
Disconnect’s Jackson suggested that Apple might consider adding controls built into the iOS which would give people more visibility, or require apps to clearly disclose when they’re using third-party trackers.
” If I opened the DoorDash app and saw nine tracker notices, it might make me think twice about using it,” concludes Fowler. Indeed.
This post has been republished with permission from a publicly-available RSS feed found on Zero Hedge. The views expressed by the original author(s) do not necessarily reflect the opinions or views of The Libertarian Hub, its owners or administrators. Any images included in the original article belong to and are the sole responsibility of the original author/website. The Libertarian Hub makes no claims of ownership of any imported photos/images and shall not be held liable for any unintended copyright infringement. Submit a DCMA takedown request.