A few days ago, a friend had an eerie experience. Minutes after talking to her husband about a possible trip to Indonesia in the living room of her home, advertisements of holiday packages for Bali started appearing on her social media and search feed. She had not searched the place on Google or had any discussion about it on any social media platform. On hearing this, others too pitched in with their share of similar instances. Clearly, this is not an uncanny coincidence. Someone is constantly listening to our conversations. We are being tracked and most of us don't even know it.
A recent report by Yale Privacy Lab and French non-profit Exodus Privacy has documented an exhaustive list of hidden trackers which are being deployed by companies in their Android apps to keep a track of their users. The data thus garnered is used to target advertisements at users. Though the list only contains Android trackers, a blog by Yale Privacy Lab on the report says that these trackers may be present in the iOS versions too.
"Many of the same companies distributing Google Play apps also distribute apps via Apple, and tracker companies openly advertise Software Development Kits (SDKs) compatible with multiple platforms. Thus, advertising trackers may be concurrently packaged for Android and iOS, as well as more obscure mobile platforms," the blog states.
The list not only reveals these trackers, but also mentions their services, clients, privacy policies and owners. While some of these apps gather user data which is kept encoded and encrypted, others collect personal data such as name, email id, location, country, and such.
For instance, US-based MoPub owned by Twitter, states, "We may collect information about your device and the ads you view or click. The MoPub Services are designed to avoid collecting information that identifies you personally, such as your name, address, or email address; but the information we collect does enable us to recognise your device over time."
It further says that "data collected includes, but is not limited to, information about your device, such as the type and model, manufacturer, operating system (e.g. iOS or Android), carrier name, IP address, mobile browser (e.g. Chrome, Safari), applications using the MoPub Services and the version of such applications, and identifiers assigned to your device, such as its iOS Identifier for Advertising (IDFA), Android Advertising ID, or unique device identifier (a number uniquely allocated to your device by your device manufacturer)".
These trackers are employed by most top companies including Twitter, Facebook, Tinder, Uber, McDonald's, Snapchat, Dominoes, among others, and most of them offer geo-targeting as their service.
In fact, some of them don't even need GPS to keep a track of a user but do so via Bluetooth and WiFi. Besides geo-tracking, they also monitor other offline activities of the users.
One tracker FidZup, for example, has developed "communication between a sonic emitter and a mobile phone by diffusing a tone, inaudible to the human ear; inside a building [FidZup] can detect the presence of mobile phones and therefore their owners".
While some of these apps keep data to themselves, some share it with third parties, too. The safety is not promised and there is always a threat of a hacking attack.
Yale's Privacy Lab has called upon the developers of such apps as well as Google, the distributor of these apps and the steward of Google Play, for increased transparency into privacy and security practices as it relates to these trackers.