Undermined privacy: How Apps spy on us legally

[German]It is actually known to informed people: Apps on smartphones are data sink holes collecting data – and data brokers are busy to get in touch with this collected data.


Apps and tracking

Today users have numerous apps on their Android and iOS devices. With each of these apps, the user agrees to consent to the collection and processing of data that this app collects on the first launch. Of course, most of these apps require the user to register with some service.

And most of the better informed people also realize that this data of the app is collected somewhere by the provider of the product. When I look at the comments here on the blog, Google is one of the data kraken. Apple, these are the good guys who care about privacy while surfing.

In the last few days, I have come across two pieces of information. In the article Apple and Google’s tough new location privacy controls are working, it is reported that the collection of location data by apps in Android and iOS probably works. 

  • Since the introduction of iOS 13 last fall, the amount of background location data collected by marketers has dropped by 68%, according to Location Sciences, a company that helps marketers analyze location data.
  • Location Sciences has also found that foreground data sharing, which only occurs during the runtime of an app, has decreased by 24%.
  • A Google spokesperson told Fast that Android users who have the option to share location data only when they actively use an app choose this option about half the time.
  • As Digiday reported, apps now have opt-in rates of less than 50 percent for collecting location data when not in use, according to Benoit Grouchko, CEO of ad tech company Teemo.

Controlling the transfer of location data was not always that useful in Android. But according to the article, the latest Android 10 version catches up with a similar setting “only during use” when apps request location data. Like iOS, Android 10 alerts users when an existing app is collecting location data in the background, and provides a shortcut to stop the app from doing so. The message is that advertisers must be content with limited location data, as users refuse mass tracking.

Google also reports that the developers of the Chromium browser are working on giving surfers more privacy and making them more difficult to identify. So everything in the green area?


At least the article Popular Apps Share Intimate Details About You With Dozens of Companies by Consumer Report raises doubts and shows that apps are real data hooligans. They collect intimate details about users, and share them with dozens of companies. On January 22, 2020, the articles The Apps on My Phone Are Stalking Me has been published in New York Times. There the author writes that he has discovered that ‘we’ [meaning the US] are building a digital surveillance state very similar to that in China.

Private data retention on a large scale

I became aware again of this topic by a tweet from German news broadcaster ZDF in Heute-Journal. he ZDF editorial staff points out how extensive this data collection has become through smartphone apps – and people don’t get it.

Experts describe the whole thing as (private) ‘large-scale data retention’. Apps collect (location data) and other data and they pass it on to networks. This way, huge amounts of data are collected and end up at data vendors. The New York Times has painted the overall picture, revealing the extent to which apps and data vendors collect data about users. And probably largely legally, because users agree to this data collection via the apps’ terms and conditions.

The New York Times has been working on this topic for a few days now. Someone had fed the editorial office a data record with data of anonymous mobile phone users, including their movement data, to show what is possible. The editors edited the whole thing – it is called ‘the persecuted nation’ (refers to USA). I had already noticed it in December 2019 when I came across the article Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secre. he key message: Most people are aware somewhere that apps record the user’s location and other information. The New York Times has reviewed how comprehensive the records already are.

Datenpunkte von GPS-Standortdaten

The New York Times took a map and had data points drawn in. The data points of 12 million ‘anonymous’ users resulted in 50 billion location points. Transferring their movements to a map, they trace highways, side streets and bicycle paths. Each data track shows the route of an anonymous mobile phone user, whose location data is recorded via app.

But this is probably only a tiny part of what data brokers collect about these users. And based on the data, it is possible to pick out an anonymous user and take a closer look at his movement data. This will suddenly make the anonymous users transparent: It is quickly clear where the person lives, maybe works, what interests they have, where the children go to school etc. The ‘price’ for using free services via mobile phone apps.

The user is tracked for data vendors. There are such companies around the world that own billions of data records, even with transaction data – which is unknown to the public. They sell this data anonymously to traffic planners, market research companies and so on. These are all noble goals, which are written on the banners. But: Anonymous data no longer exists!

Anonymous data no longer exists!

Some marketing people propagating to sell ‘anonymized’ data to customers, and that it did not harm anybody. But this is a fiction – in principle there is no more anonymous data. Only the effort to deanonymize them can become quite high.

Example: Data records with anonymous GPS single movement data contain so much information that people can often be identified by simple means. If someone leaves a certain place every day with their mobile phone, stops at a school to drive to a company car park or to an office building, factory etc., the person can be deanonymised very easily. The meta data of the GPS position acquisition, combined with other data sources make it possible. 

This is similar to the AOL case with anonymous search data of users, which made them very quickly identifiable. At that time, reporters were able to find people from the data records simply by using the search terms for some time.

Since many users are on social networks such as Facebook, LinkedIn etc. and often post personal information with a reference to their location, this is very easy. If an app of the network is used, the person is already ‘transparent’.

So the data brokers know a lot. One could also argue that the data is given to customers as a large anonymous mass of data records.  At this point I would like to refer to another topic which I could not discuss separately in this blog due to lack of time. At the end of the year the Hacker Congress 36C3 took place, where one session dealt with anonymized data.  German magazine heise has published a German article about that.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Software and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *