All apps spy on you by default. No kidding. Every app in the Apple app store and Google Play store spy on you by default as they must use Apple or Google API’s (application programming interfaces) when compiled or can’t be in their app stores.
The APIs enable location, maps, translation, SMS, phone, and so much more. These are things we all use. Those APIs report back to Apple, Google, and the app developer.
All apps spy on you by default may be a harsh headline. Take it to mean every app gathers some data about you even if you give it no permissions. That data could be as simple as what it needs to do the job – location for example. Or as intrusive as accessing your unique advertising ID (that identifies you everywhere), interrogating and exfiltrating your contacts, SMS, email, photos, documents and much more.
It is not necessarily Apple or Google’s intent that all apps spy on you by default. Although Professor Rod Simms from the ACCC has proven that in Court – Go for it, Rod! The whole raison d’etre of the free app economy, hell the whole internet, is to monetise its users.
Read and understand these prophetic words from 1983
Every breath you take [smart fitness watches] Every move you make [smartphones and watches] Every bond you break [social media] Every step you take [accelerometer in smart devices] I’ll be watching you [data harvesting]
Every single day [IoT is around us 24x7x365] Every word you say [call logs, smart speakers, security cameras and phones] Every game you play [anything you do on a smartphone] Every night you stay [calendar and location] I’ll be watching you [getting creepier]
Oh, can’t you see [outright denial of the danger – cognitive dissonance] You belong to me [You have no other options apart from going off the grid] With every step you take [security cameras, credit cards, GPS, iBeacons] I’ll be watching you [facial recognition – at least you are honest]
with apologies to The Police
All apps spy on you by default. That is why I am heartily sick of so-called experts recommending this or that app
Here are a few real-life spying examples
All they do is gather information on what you spend money on. They then use your login details (email, phone and location) to target you with advertisements. Some sell your details to health funds, insurance, and utilities – where you spend even more. PS – an Excel spreadsheet, Google Sheets or iWork Numbers does a better job; free or low cost and private.
Put in your bills and due dates, and they remind you to pay them. All the while shopping your data to other providers to harass you with their offers. Use Outlook or Calendar for the same service – it is private.
Price comparison websites (PCW) and apps
While most PCW sites earn click-through revenue, many have negotiated far more lucrative arrangements for sales commissions. And most only compare vendors that have deals with. If a PCW asks you to provide more personal information so it can give you a deal say no. Otherwise you are the product. PS – there are hundreds – all sucking you dry. Don’t fall for cute animals, catchy jingles or superheroes – if they can afford to advertise, you are paying too much. You can usually trust a .gov.au PCW.
Dating apps like Tinder and Grinder
These share so-called private data with Facebook and sell to brokers to provide your demographic data and possibly your deepest desires and secrets. No free app is safe from monetisation.
Ride Share and Food delivery apps
Uber and others protest that they don’t sell data (which is plainly untrue). They get around this by classifying those they provide data to as ‘business partners’. We know that Uber has made several alliances with travel and accommodation PCWs. Uber also uses AI to extract maximum fare from you. It is based on the time you will wait and offering more expensive cars to reduce that time. Any partner that offers loyalty points for rideshare fares is also getting your data. Uber has plans to transform into the ‘Amazon for Transportation’. It will reach a point where the ride is merely the vehicle to sell you more. Other rideshares are selling real-time user data to stores en route. These send you in-app advertising, offering cups of coffee and more as you come into the vicinity.
Rife with permission violations asking for camera, microphone, contacts, photos and storage. The rationale is that kids don’t read privacy policies.
Loyalty card apps
Woollies (Rewards) and Coles (Flybuys) know every foods item you buy and how often you buy it. They apply AI to ensure you go further into their rabbit hole while increasing spend and profit from you.
But the majority of internet-linked loyalty cards sell your data. It is usually sold to speciality online marketing companies that can exploit it both inside and outside the stores.
Banks, credit cards and insurance underwriters are regulated institutions
They can only use your data to assess creditworthiness or sell their services to you. But the majority of their brokers, especially those that advertise a lot, sell your data.
Non-financial companies like Buy Now Pay Later (BNPL)
These have no such regulations and make squillions selling your data. It is sold to credit reporting agencies and retailers to encourage you to use our limit.
Tier One Telco/internet network infrastructure providers are regulated
They can only hand over information under subpoena. But there are thousands of resellers that use their apps and gateways to collect and sell data and metadata.
Utility companies (gas, water, electricity) are regulated
There are thousands of agents and resellers that are not regulated. If you use a PCW or an agent, you can be sure that your data is monetised.
IoT apps are a huge issue
Most require access to location, camera, microphone, contacts, SMS, email and notifications. While these are necessary to send you and nominated people notifications, they also monetise your data. Arlo is the one company with Privacy as A Pledge that no other security camera company will match.
Free Cloud storage and email
Paid cloud storage like Google Drive and Microsoft One Drive do not read your data. But many free cloud storage services look for keywords and data that they can monetise. If you are smart you won’t give a voice assistant access to calendar, contacts and email.
If you read the privacy policies of any free app, it will likely scare the bejesus out of you.
What to do on a smartphone
For starters, remove Apple and Google ‘Find My Phone’ apps. To FMP, it constantly monitors your location and puts it in its cloud. If you want to remote erase or take a photo of the thief, you give up any right to privacy.
Turn off precise location that uses Wi-Fi and Bluetooth. That way, you only have a location as accurate as the closest phone tower. If an app needs a better location, then set it only to use it when using the app.
Permissions. Go to your privacy manager and look for Permission Manager. It should bring up a list of permissions and apps that use them. Look for things like Auto-fill (password store turn off); Android personalisation service (turn off); Receive marketing information (turn off); and turn off anything with the words’ personalisation’ in it. Note that you have to be careful if you use Google Assistant speakers – it needs location and more to function. All these settings may appear in several sub-menus.
Apps permission continued. In Android Under Settings, Apps look at each app. Turn off anything that an app does not need to provide the service. If it breaks the app, it will generally pop up a screen asking for permission. Just give it that while using the app.
All apps spy on you by default – but you can stop them if you want to.