New York Times:
The millions of dots on the map trace highways, side streets and bike trails — each one following the path of an anonymous cellphone user.
One path tracks someone from a home outside Newark to a nearby Planned Parenthood, remaining there for more than an hour. Another represents a person who travels with the mayor of New York during the day and returns to Long Island at night.
Yet another leaves a house in upstate New York at 7 a.m. and travels to a middle school 14 miles away, staying until late afternoon each school day. Only one person makes that trip: Lisa Magrin, a 46-year-old math teacher. Her smartphone goes with her.
An app on the device gathered her location information, which was then sold without her knowledge. It recorded her whereabouts as often as every two seconds, according to a database of more than a million phones in the New York area that was reviewed by The New York Times. While Ms. Magrin’s identity was not disclosed in those records, The Times was able to easily connect her to that dot.
At least 75 companies receive anonymous, precise location data from apps whose users enable location services to get local news and weather or other information, The Times found.
More than 1,000 popular apps contain location-sharing code from such companies, according to 2018 data from MightySignal, a mobile analysis firm. Google’s Android system was found to have about 1,200 apps with such code, compared with about 200 on Apple’s iOS.
This is a riveting read. And there’s an amazing embedded graphic that takes you on a virtual map travel, following Ms. Magrin’s travels. (Note that the NYTimes didn’t dox her, she allowed the Times access to her data.)
From this Reddit post:
Instead of allowing apps all-or-nothing access to your GPS location, Apple should allow for a granular spectrum of access that the user chooses. This could go deeper and also be on a time- and location-based factor too. So instead of just “Allow or Don’t Allow Access to Location,” after which you’d have to go into the settings to change, there should be the ability to choose between exact GPS location, zip code (or the country’s relevant postal code), county, state, and time zone.
Apple already beefed up its privacy protections by adding “Only while using the app” as an Location Services icon in an iOS update, but it’s time to go further. In addition to the different degrees of location specificity, there should also be an “Allow once” option for situations where the user wants to allow it now but not necessary have that become the Location Services setting for the app that then requires opening up Settings and digging into the app’s preferences to change it.
And from this Motherboard article from Jason Koebler:
It’s not just Facebook: Android and iOS’s App Stores have incentivized an app economy where free apps make money by selling your personal data and location history to advertisers.
The apps on your smartphone are tracking you, and that for all the talk about “anonymization” and claims that the data is collected only in aggregate, our habits are so specific—and often unique—so that anonymized identifiers can often be reverse engineered and used to track individual people.
Some have made the suggestion that users should just turn off Location Services (Settings > Privacy > Location Services). But this is an overreach. Location Services has real value. It lets you find misplaced devices, find people who share their locations with you, lets useful services know when you are nearby.
It’s the misuse of this data, the exporting it as a source of revenue that, in my opinion, is the setting Apple should expose. To me, this is the missing setting:
Settings > Privacy > Location > Allow my data to be exported
And who would ever check that checkbox? Certainly not me.