A massive data breach by location data company Gravy Analytics reveals how popular apps on Android and Apple platforms collect sensitive location information at scale, often without the knowledge of users or app developers. It has become clear that it is being misused.
wired report The recent hack of location data company Gravy Analytics reveals a disturbing trend in the mobile app industry. The breach revealed thousands of the world's most popular apps were leaked from games such as: candy crush Dating apps like Tinder, pregnancy tracking apps, and religious prayer apps may also be exploited by unscrupulous members of the advertising industry to collect sensitive location data at scale.
This data ended up in the hands of a subsidiary location data company that previously sold global location data to U.S. law enforcement agencies, and is collected through the advertising ecosystem rather than through code developed by the app creators themselves. has been done. This means data collection is likely occurring without the user or app developer's knowledge.
Hacked Gravy Analytics data provides a rare glimpse into the world of real-time bidding (RTB), where companies bid to place ads within apps. While app developers have traditionally paid location data companies to include code that collects user location data, many companies are instead looking to obtain this information through the advertising ecosystem. I'm heading towards it. However, data brokers can eavesdrop on this bidding process and collect mobile phone location information as a side effect.
The hacked data includes tens of millions of cell phone coordinates for devices within the US, Russia and Europe, with some files referencing the app next to each location data. The list of apps mentioned is extensive and includes some well-known apps such as: candy crushTinder, Grindr, Moovit, MyFitnessPal, Tumblr, and Microsoft's 365 Office apps.
It is unclear whether Gravy Analytics collected this location data on its own or obtained it from another company. Still, the implications are significant, as Gravy is known to collate cell phone location data from a variety of sources and sell it to commercial companies and U.S. government agencies through its subsidiary Venntel.
The fact that the data appears to be being obtained via RTB raises the question of who is to blame (fraudulent members of the advertising industry and the tech giants that facilitate it) and how users can protect themselves ( This is very important because it determines (by which ads you try to block). The fact that large app publishers may not even be aware that their users' data is being collected.
Although some app developers and companies included on the list claimed to have no connection to Gravy Analytics or denied permission to collect users' location data, the nature of the RTB process means that the advertising ecosystem It may be possible to extract such data without the knowledge of members of the organization.
The FTC took steps to stop this practice, banning location data company Mobilewalla from collecting consumer data from online ad auctions for any purpose other than participating in the auctions. The agency also ordered Ventel and Gravy Analytics to delete historical location data and prohibited them from selling data related to sensitive areas such as clinics and places of worship, except in limited circumstances.
read more wired here.
Lucas Nolan is a reporter for Breitbart News, covering free speech and online censorship issues.
