Popular iOS phone apps are using hidden trackers to collect emails, IP addresses and other personal information without consent while the phone isn’t being used overnight.
An experiment by The Washington Post discovered that more than 5,400 app trackers were sending data from a device they hooked up to monitoring software to third parties like Spotify, Nike, Yelp and even the Washington Post’s very own application contained trackers that took a large amount of data.
The Yelp app was found to be sending data to trackers every five minutes, although this is said to have been due to a bug.
They found a wealth of sensitive information including emails, phone numbers, IP addresses and a user’s exact location to name just a few items of personal data gathered.
Background refresh
Overnight, app trackers take advantage of Apple’s ‘Background App Refresh‘ feature, which allows apps to transmit data when they’re not actively being used, primarily for the purpose of making sure they’re up to date when next being used.
Third party
While they may improve the user experience, the U.S. newspaper found that the process ends up passing sensitive information onto third-party tracking companies, such as Amplitude, Appboy and Demdex.
Patrick Jackson, chief technology officer for privacy firm Disconnect, told the Washington Post: “This is your data. Why should it even leave your phone? Why should it be collected by someone when you don’t know what they’re going to do with it?”
Many of the apps use trackers to see what users are clicking on, so that the companies can gauge what their user activity looks like on a more granular level. And unlike Cookies, they are also very hard to block.
The trackers are also used being used by third party companies to target ads more effectively.
The apps fail to declare what data is collected, how long its stored and who can access it.
An Apple spokesperson told the Post: “At Apple we do a great deal to help users keep their data private. Apple hardware and software are designed to provide advanced security and privacy at every level of the system.”
An earlier investigation by Privacy International found that Facebook gathers data from most Android apps – even if users are not logged in to Facebook, or don’t have an account.
They tested 34 popular Android apps and found that two-thirds send data to Facebook as soon as they are launched.
Advertising profiles are built up from the data transmitted, according to the group and they also have the capability to gather detailed information on private matters such as religion or health.
Privacy International said: “We found that at least 61 percent of apps we tested automatically transfer data to Facebook the moment a user opens the app. This happens whether people have a Facebook account or not, or whether they are logged into Facebook or not”.
