Hugely popular apps involved in location data controversy

A massive data harvest controversy has been uncovered, with the unwitting involvement of some of the biggest mobile apps in the world. 

Due to the actions of some working within the advertising industry, sensitive location data is being gathered on a huge scale and passed on to a company whose subsidiary entity previously sold data to U.S. law enforcement agencies. 

As detailed extensively by Wired, global location data from thousands of apps was found in hacked files belonging to Gravy Analytics. 

Beyond the scale of the issue and the vast quantity of data involved, the collection included various well-known and popular titles such as the enduring Candy Crush and Tinder. Other obscure apps were involved, as were those dedicated to religious prayers and even pregnancy tracking. 

A particular problem for the developers of the headline titles is the data has been amassed through the wider online advertising ecosystem and not through channels or code established directly by the app creators.  

Most of it has taken place without any consent or knowledge on the part of the apps’ users or developers.

After reviewing a sample of the data involved, a professional at cybersecurity firm Silent Push gave 404 Media his understanding of the incident.

“For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising ‘bid stream,’ rather than code embedded into the apps themselves,” said senior threat analyst, Zach Edwards.

Previously, location data collectors paid app developers to insert code to gather relevant location data on users but this incident shows more evidence that entities are gravitating toward the machinery of advertising to get what they are after. 

With ads embedded in apps, leakage means the brokers can harvest the data and information on the location of users’ mobile devices.

The hacked Gravy Analytics data showed user coordinates right across the United States, Europe, and Russia. 

Beyond Candy Crush and Tinder, there were further established app names such as Temple Run and Harry Potter games embroiled in the harvest. Transport app Moovit was found, as were the popular fitness app, MyFitnessPal, Flightradar24, social app Tumblr, and Microsoft’s Office 365. 

Ironically, several VPN providers (used to hide locations and enhance privacy) were also located in the data tranche.

Image credit: Via Midjourney

The post Hugely popular apps involved in location data controversy appeared first on ReadWrite.