Apple and Google are implementing strict new rules about what data can be exfiltrated from smartphones and web pages by data harvesting apps. For example, Apple’s iOS 14 and later now limits GPS tracking to an ‘approximate location’. That is unless the user consents to precision location and data sharing. For example, a coffee shop may use location advertising to cast ads and offers to Apple users in its vicinity. Alas, no longer. The result is that Facebook will lose 50% of location-based ad revenue on Apple devices. Facebook in not happy – read here
Not only that, but according to Zenreach, that approximate location can be up to 300 miles from the customer. Its result is that 65% of location-based advertising to Apple users misses the target. And similarly, 80% of the ‘bid stream’ data used to buy programmatic advertising is too unreliable to use.
Regardless of whether the statistics are 100% accurate, Apple’s moves to ensure privacy by forcibly making users opt-in to data sharing and its more frequent push notifications when your data is in use are good ones. Just 37% of Apple users now have precise location switched on.
Apple and Google are also blocking 3rd-party cookies in Chrome and Safari. They have given the advertising industry ample notice. They will no longer allow tracking the user’s browser activity with cookies. The result is that online targeting based on browser activity will finish. No more visiting a Myer website and inundated by ads from David Jones. PS – Install Ghostery if you can – never surf without it.
How to stop advertisers from making a dollar from you
You can take it as a given that every app gathers telemetry from your phone regardless of whether you have permissions enabled. But if you look at each app and ask why it needs a camera, microphone, location, calendar, contacts, storage, or more, you start to get an idea of how intrusive apps have become. My advice – if you can’t figure out why, say, a flashlight app needs all manner of permissions (hint – it does not), then simply turn them off. If the app ceases to work, so be it.
Does your phone listen to you?
The short answer is yes and no. If you have given microphone permission to any app (apart from the camera for recording, phone for talking, Google Assistant or Siri etc.), turn it off. Apple and Google are always listening for the watchwords and can make mistakes. As far we know, voice queries do not invoke advertisements.
Turn off permissions in ‘loyalty apps.’
If you have Flybuys, Woolworths Rewards, Telstra, Qantas, Virgin, Sephora, McDonald’s, Priceline, or any of the many thousands of loyalty card apps, these are all spying on you. They can all serve location advertising and track your movements. Even your bank and payment apps like PayPal track you. An app may offer convenience but at what privacy cost. Turn off all permissions. If you want it to know where you are, you can usually enter a postcode.
Where does this data go?
If you are lucky, the app developer sells it to Apple or Google by including their tracking APIs in the app. If you are unlucky, it can be Facebook or end up in some dark-web or nation-state database. Regardless most apps sell data to about ten 3rd-parties and 20% to 20 or more. Data sales are more prevalent in freemium or ad-supported apps, especially games, dating, news and fitness.
Reuben Binns, the project lead computer scientist at Oxford University, said,
“This business model has gone completely out of control. It has created a kind of chaotic industry that the people who are most affected by it don’t understand.”
Joel Reardon, assistant professor of computer science at the University of Calgary, said,
“Even just the characterisation of what apps you have on your phone is quite an insight into a person’s life. You can learn information about their age, sexual orientation, health, and link it back to their device ID.”
What companies are collecting the most data?
Facebook, Instagram and two dating apps take the top slots in a recent study by Clario (also a good read). It shows from the most data-hungry to the least. Here are the top 10 apps that know the most about you:
Apple and Google say some data is legitimate
Apple and Google are like the fox that guards the chickens. Its OK for them to eat chicken as long as the majority have protection from other ‘nasty’ predators. We don’t know about Apple’s advertising revenue. In 2020 Google’s ad revenue was US$146.92 billion, mainly from ads related to ad words and search. That is 80% of its overall revenue of US$181.69.
But fortunately, both Apple and Google are a closed loop. They do not sell your granular personal data but use it to target you with highly personal ads. For example, if you wanted to know all the over 60, left-handed, Volvo driving golfers in Sydney, it could get to them with razor-like accuracy.
The biggest issue is data broking and subsequent marrying together (deanonymising) different app data based on your universal Advertising ID. Combining as few as five seemingly disparate databases can give you 99% of an individuals’ picture’. These apps are selling your data for profit.
Gabriel Voisin, a partner at Bird & Bird, the law firm said,
“There is a lot of sharing of data that we cannot immediately identify or realise. Users cannot easily control who their apps share data with. Or that only ‘two or possibly three super-dominant’ companies such as Google sit at the top of the data pyramid. “There are no easily accessible settings or widget to switch this off”.
In 2018 (last study), 5% of apps in Google Play and Apple Store sent data to China and 3% to Russia – countries without adequate data privacy standards. And then there are the secret trackers that exfiltrate data via other subterfuge. Microsoft hastens to add that it has a different business model than other tech companies that rely principally on advertising revenue. Facebook and Amazon are obvious by their silence on the matter.
GadgetGuy’s take – who do you trust?
The last formal study in 2018, ‘Third Party Tracking in the Mobile Ecosystem‘, was peer-reviewed and funded by the British government’s Engineering and Physical Sciences Research Council. If anything, new major players like WeChat, TikTok and the plethora of Chinese apps have added to the issues identified. Europe’s GDPR (Global Data Protection Regulation) has had a minor effect in Europe. But overall, but these data harvesters operate in shadowy grey areas outside the law.
And there is a telling overview of mobile tracking apps you can get from one company here.