s38b35M5@lemmy.world
on 15 Jan 2025 15:08
A new data set obtained from a US data broker reveals for the first time about 40,000 apps from which users’ data is being traded. The data set was obtained by a journalist from netzpolitik.org as a free preview sample for a paid subscription. It is dated to a single day in the summer of 2024.
Among other things, the data set contains 47 million “Mobile Advertising IDs”, to which 380 million location data from 137 countries are assigned. In addition, the data set contains information on devices, operating systems and telecommunication providers.
The approximately 40,000 apps in the new dataset cover a wide range of categories, from gaming, dating and shopping to news and education. They include some of the most popular apps worldwide, with millions of downloads in some cases.
For a smaller number of apps, the data set contains alarmingly precise location data. This data can help to identify a person’s place of residence. These apps include the queer dating app Hornet with more than 35 million users; the messaging app Kik with more than 100 million downloads in the Google Play Store alone; Germany’s most popular weather app Wetter Online, which also has more than 100 million downloads in the Google Play Store; and the flight tracking app Flightradar24 with more than 50 million downloads in the Google Play Store; the app of German news site Focus Online and classifieds apps for German users (Kleinanzeigen) and French users (leboncoin).
For a bigger number of apps, less precise locations which appear to have been derived from IP addresses can be found in the data set. This list includes popular apps such as Candy Crush, Grindr, Vinted, Happy Color, dating apps Lovoo and Jaumo, news aggregator Upday, German email apps gmx.de and web.de as well as the popular Dutch weather app Buienalarm.
Since the sample only covers one day, it is difficult to identify people based on their locations from this data set alone. However, in combination with other data sets from the advertising industry, which the research team obtained from data brokers, it’s possible to identify and track people on a large scale. The location data might for example provide clues to their home and work addresses.
Thus, the team was able to identify users of Wetter Online in Germany and Kik in Norway. The individuals confirmed that the data must belong to their devices and their use of the respective apps.
Location data aside, the mere information about who uses which apps can already be dangerous. For example the data set includes numerous Muslim and Christian prayer apps, health apps (blood pressure, menstruation trackers) and queer dating apps, which hint at special categories of personal data under GDPR.
So companies lie and misuse the power they have without any real punishments. What a world we live in.
s38b35M5@lemmy.world
on 15 Jan 2025 16:00
We see it over and over. When consequences for malfeasance are barely noticeable compared to profits, there is no incentive to comply with laws. Just pay the tiny fine if our lawyers don’t exhaust them first.
adespoton@lemmy.ca
on 15 Jan 2025 15:36
The obvious next question is: what features do these apps have in common? Do they share a development platform or ad network? Do they use Firebase or some other diagnostics/debug platform?
Because I suspect that they’re all using some sort of “free” or ad supported component that just happens to be owned by a shell company belonging to either a data broker or a company selling large amounts of data to one.
far_university190@feddit.org
on 15 Jan 2025 22:28
There was recent hack on data broker use realtime ad bid stream for location without any code in app. Will link if find again.
I interviewed a bunch of years ago with a company called “xmode social” (I was in desperate need of a job. I fortunately did not get that one.) They had a framework that they paid app publishers in to include in their apps. That framework collected your location data and sent it to xmode who sold that data. That was their entire business AFAIK.
There don’t need to be any shared features for companies to include shit like that in their apps. They just need a way to make the line go up.
AmazingAwesomator@lemmy.world
on 15 Jan 2025 16:28
turning on a phone for the first time after purchase forces contractual agreement to be tracked. there is no decline button (at least on my motorola razr+ 2023). i hate this world.
unwarlikeExtortion@lemmy.ml
on 16 Jan 2025 13:41
Is that Motorola’s EULA or buying through a carrier?
AmazingAwesomator@lemmy.world
on 16 Jan 2025 16:48
this was the google agreement; android.
unwarlikeExtortion@lemmy.ml
on 16 Jan 2025 17:00
Ah, the third option.
bokherif@lemmy.world
on 16 Jan 2025 14:11
Honestly, I stopped fighting because every data point about everyone is just out there. The little to none that’s kept private is scraped by the governments.
socialmedia@lemmy.world
on 16 Jan 2025 17:24
Is the list of 40k apps public? Can someone write an app that checks to see if any of them are installed on a phone?