Dozens of iOS apps secretly collect location history for data monetization, analysis says

GuardianApp, from the Sudo Security Group, finds that a number of iOS apps are secretly collecting and sending location histories and other sensitive user information to third-party data monetization firms.

According to a new report from GuardianApp, "a growing number of iOS apps have been used to covertly collect precise location histories from tens of millions of mobile devices, using packaged code provided by data monetization firms. In many cases, the packaged tracking code may run at all times, constantly sending user GPS coordinates and other information."

The information being collected includes Bluetooth LE Beacon Data, GPS Longitude and Latitude, Wi-Fi SSD and BSSID, and also such information as accelerometer data, battery charge performance and status, and even timestamps for departure/arrival to a location.

GuardianApp lists 24 apps that are "confirmed to send data to a third-party data monetization firm," including ASKfm: Ask Anonymous Questions, C25K 5K Trainer, Classifieds 2.0 Marketplace, Code Scanner by ScanLife, Coupon Sherpa, GasBuddy, Homes.com, Mobiletag, Moco, My Aurora Forecast, MyRadar NOAA Weather Radar, PayByPhone Parking, Perfect365, Photobucket, QuakeFeed Earthquake Alerts, Roadtrippers, ScoutLook Hunting, SnipSnap Coupon App, Tapatalk, The Coupons App, Tunity, Weather Live and YouMail.

GuardianApp has also found code from the monetization firm, RevealMobile, on the apps of several local TV stations owned by the Sinclair Broadcast Group, Tribune Broadcasting Company, LIN Television Corp., Gray Television Group and other broadcasters.

GuardianApp suggests using Apple's built-in Limit Ad Tracking feature to mitigate potential location sharing. The tool can be enabled by navigating to Settings > Privacy > Advertising. Further, vigilant users can select "Don't Allow" when iOS Location Services popup windows instructs them to "See privacy policy" or take similar action. The firm also suggests using a generic name for the SSID of a home Wi-Fi router and switching Bluetooth off when not in use.

Earlier on Friday, two major news stories broke about user data. Adware Doctor, formerly the top paid app in the Mac App Store, was pulled after a security researcher revealed it was exfiltrating user information to China, while a separate investigation revealed other malicious apps in the Mac App Store.

28 Comments

ericthehalfbee 4489 comments · 13 Years

About 6 years ago

So, these Apps can't track you if you have set their permissions to "Don't Allow"?

How, then, is this a story? If they were able to get information from your device by BYPASSING your settings, then that to me would be a serious issue.

gatorguy 24627 comments · 13 Years

About 6 years ago

ericthehalfbee said:

So, these Apps can't track you if you have set their permissions to "Don't Allow"?

How, then, is this a story? If they were able to get information from your device by BYPASSING your settings, then that to me would be a serious issue.

A weather app would be kind of useless without knowing your location don't you think. Same with a gas price or travel app. That's the story with this particular one. Obviously you're going to grant the permission needed for the app to operate. Otherwise you wouldn't allow it to be installed. It's what they're doing after the fact with the user data that you've given them access to. In other words otherwise legitimate and useful apps selling data to brokers.

There's other threads today having to do with Mac and iOS apps that weren't legitimate to begin with. They were always meant to be scamming.

s.metcalf 964 comments · 21 Years

About 6 years ago

ericthehalfbee said:

So, these Apps can't track you if you have set their permissions to "Don't Allow"?

How, then, is this a story? If they were able to get information from your device by BYPASSING your settings, then that to me would be a serious issue.

So you're happy with apps taking your extremely sensitive and precise location history and selling it advertisers (or worse) without disclosing this to you? Wow. :o

I hope that's not an official NOAA app!

taugust04_ai 106 comments · 8 Years

About 6 years ago

s.metcalf said:

ericthehalfbee said:

So, these Apps can't track you if you have set their permissions to "Don't Allow"?

How, then, is this a story? If they were able to get information from your device by BYPASSING your settings, then that to me would be a serious issue.

So you're happy with apps taking your extremely sensitive and precise location history and selling it advertisers (or worse) without disclosing this to you? Wow. :o

I hope that's not an official NOAA app!

As a weather enthusiast, let me state that every weather app that has NOAA in the title in the App Store is both not officially from NOAA, and usually garbage.

NOAA hasn’t received enough funding to fully upgrade their web sites to use all the same style/branding, so I’m pretty sure they do not have an app development team in place to publish apps.

grifmx 92 comments · 17 Years

About 6 years ago

if blogs can't leave comments open for all articles, they shouldn't post them. already left Engadget for doing that. if Appleinsider continues will find somewhere else to hear real people converse about everything Apple

Latest Exclusives

Latest comparisons

28 Comments

Sponsored Content

Top Stories

Sponsored Content

Latest Exclusives

Latest comparisons

Latest News

Latest Videos

Latest Reviews