Privacy isn’t what it used to be. In the digital economy, anyone who uses a smartphone or the internet — which is just about everybody — routinely chooses to trade a measure of privacy for all the conveniences of app-driven technology.
The question is whether that trade-off is a good one. Consider location tracking, for instance. In worst-case scenarios, stalkers and abusers use “spy apps” to track their victims. Those are extreme examples, but if you’re in the habit of simply saying yes to your apps’ permissions, you may want to stop and think about that for a moment.
The Case for Location Services
Location tracking is a core part of many apps, beyond obvious categories like mapping/navigation and weather. Review services use your location to suggest businesses you might want to patronize in your area, and retailers use your location to select the most relevant store and sales flyers for you.
Who's Calling Me?
Search any phone number to learn more about the owner!
The idea, in short, is that knowing your location makes app providers better able to serve you. That could be as immediately practical as suggesting a good burger place within a few blocks of your office or knowing which of the three hardware stores in your vicinity has a part in stock for your faucet. These are good things.
The Case Against Location Services
The problem is that many apps expect permission to use your location even when it’s not really needed. A calculator program doesn’t need to know where you are, and neither do most games (Pokémon Go is an obvious exception). Apps that ask for your location unnecessarily are likely using it simply to flesh out the data they collect — and monetize — from your usage.
That can lead to awkward situations. In one highly publicized example, a popular fitness app accidentally revealed potentially dangerous information about US military and intelligence installations. As a result, the military now bans troops from bringing their mobile devices on deployments to hot spots around the world.
The stakes aren’t usually that high for civilian users, but there’s still definite potential for misuse.
The Ugly Truth About Your Lack of Control
Sadly, turning off location services won’t necessarily stop you from being tracked. Some apps — malicious or just poorly coded — will continue to track your location even if you turn off location services. Another vulnerability comes from the software development kits (SDKs) developers use to speed coding (like buying from Ikea instead of building a desk from scratch). Apps built from the same kit will sometimes exchange data, so any app you’ve given those permissions to may pass your location to others.
Others use less obvious sensor data from your phone — its gyroscope, accelerometer and compass — and combine that with data from other sources, like your phone’s digital encounters with the wireless networks in your vicinity and Wi-Fi hotspots you pass in the run of your normal day. Those data points, once collated, can give a frighteningly accurate picture of your routine. Data that has your name removed isn’t especially anonymous when these other data sources can identify you down to a specific router with a specific IP address, within a specific building and on a specific floor.
The Rise of Data-Privacy Legislation
Over the past few years, various jurisdictions have begun to pass laws which compel tech firms to disclose what information they gather and how they handle it. The most important of these to date have been the European Union’s General Data Protection Regulation (GDPR), which came into force in 2018, and California’s California Consumer Privacy Act (CCPA), which became effective in January of 2020.
They’re the inspiration for the banners and pop-ups you now see, offering to explain an app or site’s privacy policies, use of cookies and utilization of your personal data. As these new laws come into force, companies will face restrictions on how they ask for and use your location data. In the meantime, your own informed consent — or withholding of consent — is a starting point.
Balancing Function and Convenience With Security
If you’re concerned about privacy or your physical security, turning location services off is certainly a valid first step. You can always activate them again when you need to use apps that rely on them. The steps are similar but not identical across different versions of Android and iOS. To find instructions that will work for you, search something like “how to turn off location on iPhone” or “how to turn off location services,” and then specify your phone or OS version.
Once you’ve done that, there are several other measures you can take to improve your data security. No one of them is a complete solution in itself, but you can measurably improve your privacy if you follow these and other best practices.
Stick to Mainstream Apps
It’s not that major players like Google, Apple, Facebook, Snapchat and Twitter won’t have privacy and data-security issues — most of them do, and more will crop up in future. The advantage of mainstream apps is that those big players are the subject of intensive scrutiny, so their shortcomings quickly become public knowledge. Just as importantly, they have the resources to quickly patch vulnerabilities.
Choose Paid Over Free
There are hundreds of thousands of great free apps, but developers who don’t charge for their software usually make their money from your data. Most paid apps cost little more than a cup of coffee — sometimes much less — and having a separate revenue stream means they’re not as motivated to monetize your location data and other personal information.
Don’t Be a Magpie
During World War II, when gasoline was rationed, posters everywhere challenged drivers with the question “Is this trip necessary?” Applying the same logic to your apps makes perfect sense: Instead of installing any app that catches your eye, ask yourself whether it’s something you’re likely to use in the long term. If it isn’t, maybe you should just skip it. The more apps you install, the greater the likelihood that one of them will play fast and loose with your location data.
Pay Attention to Permissions
Earlier in the smartphone era, apps could ask for a given set of permissions and your choices were, basically, to take it or leave it. Newer versions of Android and iOS are more nuanced, often allowing you to disable one permission — like location services — while allowing others, or to allow those permissions only when the app is actively in use. Early test versions of Android 11 show the option of allowing “this time only” permissions.
On websites, the pop-up boxes and banners with GDPR or CCPA privacy notices will tell you what information the site gathers, and in some cases how it’s used. Read them, or use your browser’s features and extensions to block tracking.
Research Yourself
One final step in controlling your online presence is — to the extent you can — to identify the information about you that’s already in circulation. For example, you might opt to use Spokeo’s search tools to see whether publicly available information connects your phone number or online usernames to your real name or personal social media accounts.
If that information is available from public, responsibly sourced information — the kind Spokeo aggregates — you can be sure marketers have access to much, much more.
References
- https://citizenlab.ca/2019/06/the-predator-in-your-pocket-a-multidisciplinary-assessment-of-the-stalkerware-application-industry/
- https://www.vox.com/recode/2020/2/7/21127911/ice-border-cellphone-data-tracking-department-homeland-security-immigration
- https://www.zdnet.com/article/strava-anonymized-fitness-tracking-data-government-opsec/
- https://www.zdnet.com/article/us-troops-deploying-to-the-middle-east-told-to-leave-personal-devices-at-home/
- https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-locationhttps://cacm.acm.org/magazines/2019/9/238961-can-you-locate-your-location-data/fulltext
- https://arstechnica.com/gadgets/2020/02/google-launches-the-android-11-developer-preview-today/