The apps on your phone are tracking you when you go to the grocery store, when you drive to work, and when you travel to doctor’s appointments.
Security experts have long expected various companies track users through apps, but recent investigations from The New York Times and the Associated Press have shown how invasive these practices are. This week, The New York Times purchased anonymized data from a third-party vendor, de-anonymized it, and used it to show how companies track people throughout their days.
Apps location-sharing features revealed intimate details about people’s comings and goings, from when they went to the doctor to when they exercised. More than 1,000 apps have location-sharing capabilities, according to a 2018 report from mobile analysis firm MightySignal, including 1,200 in the Google Android store and 200 on Apple iOS. Even apps that have no apparent connection to location will automatically track users’ whereabouts and share that information with other companies.
And turning off location tracking doesn’t necessarily help. Earlier this year an AP investigation showed that Google GOOG, -1.86% tracks users’ locations, even when they’ve turned off the tracking features. These revelations come as Congress grills major tech companies about their privacy policies and moves closer towards creating data privacy laws.
Apple AAPL, -3.20% and Google have started taking measures to force developers to collect less data. Android recently limited its apps to collecting data “a few times an hour” rather than continuously, and Apple has prevented some apps from collecting data at all. But more changes are needed in corporate policy, said David Ginsburg, vice president of marketing at Santa Clara, Calif. cybersecurity firm Cavirin.
“With 50-plus apps on the typical phone, the average user is no longer able to maintain control. You can turn everything off, but is that a solution?” he said. “A first step must be a reset of privacy policies, where the default will be not to share any data.”
He said legislators should enforce rules similar to California’s new privacy law, which allows consumers to prohibit companies from selling their data to third parties. That could be the only path to protecting users’ privacy, because it is not in the commercial interest of corporations like Google and Apple to limit data used by these apps, said Rishi Bhargava, Co-founder at Demisto, a Cupertino, Calif.-based provider of security technology company.
“Industries need an external impetus in the form of robust and enforceable regulations to start this journey towards security,” he said. “Sadly, leaving data privacy and security up to the moral compass of individual companies is bound to fail because the short-termist focus on shareholders and profit doesn’t leave much space for security concerns.”
While the governments and corporations are slow to introduce lasting solutions, consumers have the means to take action themselves, said Mark Weinstein, a privacy expert and founder of social media platform MeWe.
“Most troubling is that you can’t see the creep,” he said. “The myriad of companies (and government agencies) that can and do know where you are all the time are unseen — you don’t see the creep peering over our shoulders.”
Google and Apple did not respond immediately to requests for comment.
A Google spokesperson said in a statement to AP after its investigation on location-tracking that “there are a number of different ways that Google may use location to improve people’s experience, including: Location history, web and app activity, and through device-level location services. We provide clear descriptions of these tools, and robust controls so people can turn them on or off, and delete their histories at any time.”
Turn off location services
Under “settings” and “privacy” on both Android and Apple, users can turn off location services entirely or choose to turn them off for select apps. Very few apps actually require location data to function, Weinstein noted.
Even when using Google maps, for example, users do not have to keep location turned on. You can instead type in the origin and destination addresses manually to find your way without real-time tracking.
Delete your apps
Some security experts have advocated going as far as deleting all apps from your phone. If you aren’t ready to use your phone only for texts and calls, you can start by deleting just unnecessary apps from the device. If you have an app you don’t use, you’re essentially carrying around a tracking device for no reason, Weinstein said.
“Most concerning isn’t that marketers can know in every moment exactly where you are, where you are going, and target you,” he said. “Most concerning is that governments around the world also can readily access this information about where you are and what you are doing.”
When you add a new app on your phone, deny its access to your location when it prompts you to, Weinstein said. Another option: Apple allows users to bookmark webpages on the homescreen of the phone. Instead of downloading a weather app that tracks your every move, bookmark your favorite weather page to the phone’s homepage itself and click on it when you’d like to check the weather, or other location-related information. Apple’s built-in weather app can also be uninstalled.