By Ashwani Mishra, Editor-Technology, 63SATS
A recent report by 404 Media has revealed that popular mobile apps, including Candy Crush, Tinder, and Subway Surfers, are unknowingly collecting sensitive location data.
This massive breach stems from hacked files of Gravy Analytics, a location data company, exposing over 30 million location points.
Shockingly, the data includes highly sensitive areas like the White House, the Kremlin, Vatican City, and even military bases.
How It Happens Without Your Knowledge
The data collection doesn’t occur through app developers’ codes but through the advertising ecosystem, particularly real-time bidding (RTB) systems.
As ads run within apps, companies like Gravy Analytics allegedly intercept and collect user location data, often without the knowledge of either users or developers.
Apps implicated in the breach range from games like Temple Run to health-focused platforms like MyFitnessPal and pregnancy trackers. Even religious and VPN apps, typically downloaded for privacy, have been compromised, highlighting the pervasive nature of this data collection practice.
A Gold Mine for Advertisers, A Nightmare for Users
Location data is invaluable to advertisers because it helps create detailed “patterns of life,” mapping users’ daily routines, including home, work, gym, and even visits to government buildings or health clinics.
The Federal Trade Commission (FTC) has accused Gravy Analytics and its subsidiary, Venntel, of illegally collecting and selling this data without proper consent.
Marketing materials from Venntel boast of their ability to pinpoint users’ “bed down” and work locations, posing a significant threat to personal privacy. Sensitive locations like government facilities, health clinics, and places of worship are reportedly part of this extensive tracking.
The Russian Connection and Ransom Demands
Adding to the controversy, Russian cybercriminals have reportedly hacked Gravy Analytics, demanding ransom in exchange for the stolen files.
This breach is among the largest known involving U.S. companies that profit from selling individuals’ location data. Such incidents emphasize the growing vulnerability of the data ecosystem, which operates largely without user awareness or control.
How to Secure Your Data
Protecting your location data requires vigilance. Here are some steps to secure your smartphone:
Review App Permissions: Avoid granting location, camera, or microphone access to apps unless absolutely necessary.
On Android, go to Settings > Apps > Permissions to manage app access.
On iPhone, use the Privacy Settings to control permissions.
Enable Privacy Features
iPhone users can enable the “Ask Apps Not to Track” feature to limit tracking.
Android users can disable location tracking for apps that don’t need it for functionality.
Check App Privacy Policies: Read app privacy policies to understand how your data is collected and used.
Limit Background Tracking: Disable location tracking when apps are not in use to prevent data collection in the background.
Use Privacy-Focused Tools: Consider using ad blockers or VPNs to add an extra layer of security.
Why This Matters
The sheer volume of data collected—paired with the fact that it can map users’ movements and habits—poses serious risks to privacy and national security. From tracking individuals at sensitive locations to exposing vulnerabilities at military bases, the implications are far-reaching.
This alarming breach reveals an urgent need for stricter data privacy regulations and increased transparency from data brokers and app developers. As technology becomes more embedded in our daily lives, the risks to personal privacy grow exponentially.
But here’s the twist: the power to safeguard your digital footprint lies in your hands.
By staying vigilant, managing app permissions, and advocating for stronger privacy laws, you can reclaim control of your personal information.
The stakes are high, but the choice is clear. Your data. Your rules.
The time to protect your privacy is now.