If you do a bit of research on application data collection will discover that many applications that serve purposes other than tracking, actually do track how, when, and where you use your phone constantly.
What’s more, it’s not all about apps, iOS, and Android -as operating systems of your smartphones and iPhones- do this too.
Through your gadget, they collect, retain data for their own commercial benefit, or hand it over to the likes of Google, Nike, and other interested entities. They build your persona and survey your commercial behavior, and then resell this data to marketing agencies or use it themselves to serve custom ads.
The amount of data these trackers upload from your phones can be huge. And, if you’re not hitched up to a wi-fi network, the transfer of all this data every night is costing you much more than your privacy!
How Phone App Tracking Works
As a matter of fact, the tracking these apps or operating systems carry out works a lot like cookies. Some apps utilize services, like Amplitude, a behavioral analytics platform with over 600 customers -of the likes of Microsoft, Intuit, and Twitter-, to gather and analyze customer data.
In a nutshell, there are little services logging your moves throughout the device/application, storing things such as usage tendencies, your searches, a digital print of your device to identify it, among other things.
The dirty little secret is… Most of the time these tracking services, or integrated app services, are -most of the time- hidden from the user and ON with no direct consent request. Usually, it is up to the user to find how and where to disable what they allow you to disable. What’s more, sometimes the purpose of the app is nothing but a facade, and their main business is data collection!
SDK Data Tracking
What is an SDK?
A software development kit (SDK) is a program provided by a company that is designed to make writing software easier. They contain common functions that a developer may want to include in their applications and interfaces for interacting with a device’s hardware, operating system, and other software (such as social media). By using an SDK, a developer can create apps faster and more easily than if they had to write the SDK-provided functionality themselves.
How Some SDKs Track Data
SDKs are commonly provided by device manufacturers to developers for free. The way that these organizations monetize this software is by collecting data from the applications that use their SDKs. This data can then be used to build profiles of users that can be sold to advertisers for targeted advertising.
The Internet uses IP addresses to route traffic from its source to its intended information. Mobile devices’ IP addresses can change frequently as they move from one network to another; however, they can still provide valuable information to advertisers.
For example, browsing the web on Starbucks’ WiFi means that your device may be associated with that cafe’s IP address, providing information on your coffee drinking habits. Additionally, devices that send traffic from the same IP address are likely to be related, providing additional data to advertisers.
Some mobile apps have a legitimate need for location information, sometimes called geofencing. Navigation apps need it to select a route, and restaurant apps may request a location to suggest the nearest store.
Apps with and without legitimate needs for this information may attempt to collect it for profiling purposes. Knowing where you eat, shop, etc. provides advertisers with information about your interests that can be used to serve more targeted ads.
How to Turn Off Data Tracking
Obviously, your personal data is at risk from this pervasive tracking, but there are ways to make it harder for these unfair players and to simply limit the collection of those who properly give you a way out. Here are four steps you can take to protect your data from unwanted tracking.
Check Your App Settings and Location Services
One of the best ways to limit the ability of data collection is to limit the apps on your phone that are allowed to access your data and location. Popular map and ride-sharing apps need your location to work, but shouldn’t have free reign to track your every movement.
Open your phone’s settings, and then under Privacy, you can access your Location Services. Change the location services from always-on to only allowing access while the app is open and in use. Check your other privacy settings to turn off privileges that you are also not comfortable with.
Turn On Browser Privacy
Top phone browsers include privacy settings that simply need to be turned on. Visit Chrome, Firefox, or Safari’s settings to control pop-ups, restrict cross-site tracking, and review assigned certificates.
Uninstall Unnecessary Apps
Apps, as mentioned in the Washington Post’s article, can leak data even when your phone is locked and at rest. While your weather widget or Spotify don’t pose much of a threat, some simple apps might be working against you.
General productivity apps and copy-cat games tend to exploit their permissions to the limits and gather way more information than they need to operate. Have you installed a game that has access to your contacts with no apparent purpose? Uninstall. Keep it clean, if it’s not necessary, don’t allow it.
Install Privacy-Protection Apps
Apps like Privacy Pro and Little Snitch can be used to identify and block trackers. They can tell you which ones are accessing your phone and which of your apps is giving up your personal information free of charge. Privacy Pro, available in the Apple Store, will automatically block tracking malware, but it only works with the iOS platform.
Another app we like is LittleSnitch. Also written for macOS, LittleSnitch is a firewall that provides visibility into who your mobile apps connect to and what information they send them.
Know Your Rights
In recent years, several countries and states have passed data protection laws designed to protect the privacy of their residents’ sensitive data. Some of the major regulations include the GDPR, LGPD, CCPA, and CPRA.
The General Data Protection Regulation (GDPR) is a law designed to protect the privacy of EU citizens. The GDPR sets rules for how companies should protect their customers’ data and provides eight rights to data subjects, including:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making and profiling.
The Lei Geral de Proteção de Dados Pessoais do Brasil (LGPD) is a data protection law that was implemented in Brazil on August 14, 2018, and went into effect in September 2020. It provides nine rights to data subjects:
- The right to access data
- The right to confirm that data is being processed
- The right to correct incomplete, incorrect, or outdated data
- The right to anonymize, block, or delete data that is excessive or not being used in compliance with the law
- The right to deletion
- The right to data portability
- The right to request information about how data is being shared
- The right to be informed about the possibility of denying consent and its consequences
- The right to deny consent
The California Consumer Privacy Act of 2018 (CCPA) protects the rights and data privacy of California residents. The CCPA grants residents the following rights:
- The right to disclosure
- The right to portability
- The right to opt-in or out
- The right to deletion
- The right not to be discriminated against for exercising their rights
- The right to a private right of action for data breaches
The California Privacy Rights Act (CPRA) is a privacy law passed in 2020 to supplement the CCPA. In addition to the six rights granted by the CCPA, California residents have the following rights:
- The right to correct inaccurate data
- The right to limit the use and disclosure of sensitive personal information
Protecting your privacy online might seem like a difficult and hard process. It is, but don’t be discouraged. Laws like the General Data Protection Regulation continue to gain traction in favor of the people’s right to privacy. That means users like you will slowly be able to step up and make trespassers accountable!
At the moment, look for fair players in the market and use applications that have clear and complete privacy policies. A good indicator is when app vendors -like us!- apply their GDPR compliance to their whole user-base, and not just to European users. Demand a better standard and help push it forward.