Your Smartphone: Big Brother’s Best Friend
Every minute of every day, all over the world, dozens of companies are tracking the precise locations of
tens of millions of people with mobile phones and storing the data in gigantic data repositories. One of
those being tracked could be you. Anyone who has accessed these data can see whom you’ve met,
where you spent the night, where you pray, or whether you visited a psychiatrist’s office or massage
parlor.
Google Maps, with over one billion users, is perhaps the most popular location-based app in the world.
Most of its users are having their locations tracked. Google, Facebook, and other large tech companies
are more likely to keep the location data they collect for internal use. But many smaller companies, such
as Reveal Mobile, operating behind the scenes in mobile apps, also collect location data from your
phone’s sensors, with your knowing or unknowing consent.
The location data have many uses, such as providing maps and driving directions, facilitating payments,
analyzing urban traffic patterns, and identifying where Americans have—and haven’t—been practicing
social distancing during the coronavirus pandemic. However, location data are often sent to marketing
companies to create targeted advertising. Once companies have legally obtained location data, there
are few legal restrictions on what they can do with them, including selling the data for profit. Every app
is potentially transmitting data to five or ten other apps. Your data are being combined with other data
to learn more about you. It’s difficult to know which apps are sharing and profiting from peoples’
location data.
How is this allowed to go on? When downloading an app, a mobile phone user “consented,” by clicking
on an “I agree” screen to the terms of service in order to use the app. Downloading the app and
agreeing to terms of service are potentially allowing the user’s sensitive information to be exposed to ad
networks, data brokers, and other technology companies. There are some location-using apps that do so
with clear disclosures, but many don’t. Some companies even collect the data for one purpose while
using it for another.
By law, location-tracking companies are only required to describe theirpractices in their privacy policies,
which tend to be dense legal documents that are very difficult for the average person to understand. If a
private company is legally collecting location data, it is free to distribute or share the data however it
wants. Location-tracking companies assert that the location data they work with are anonymous, but
comprehensive records of time and place are still able to identify real people.
It is often nearly impossible to know which companies receive your location information and what they
do with it. Since collection of location data is largely unregulated, some of these companies can legally
obtain access to phone location sensors and then buy and sell the information. Smaller location-tracking
companies are able to insert their tracking programs into established apps from larger app developers
using software development kits (SDKs), small programs that can be used to build features within an
app, including location-tracking capabilities. SDKs are embedded in thousands of apps. The categories of
app most commonly working with SDKs include travel, entertainment, maps and navigation, social
networking, shopping, games, and sports.
In a New York Times Opinion test, the music app iHeartRadio asked users to allow location services “to
get your favorite DJ.” The iHeart app then sent the precise geolocation of the user’s phone to the data
company Cuebiq for analysis such as measuring whether people visited a store after seeing an online ad.
iHeartRadio stated its use of location data complies with “all applicable laws” and that its privacy policy
includes “fulsome disclosure around location use.” iHeartRadio revised the consent screen for a later
version of the app that includes more details.
