Everyone knows your location: tracking myself down through in app ads

Filed this under Off Topic because I’m not sure where “random internet finds” go. Just thought this was an interesting read and figured I’d share it here.

https://timsh.org/tracking-myself-down-through-in-app-ads/

1 Like

Oh goodie, another site without the option of switching to a light theme. :rage:

3 Likes

Highly damning read for anyone (ex) who thinks iOS app privacy is more pronounced than on other platforms.

(emphasis mine)

Advertising Tracking ID, on the other hand, is the cross-vendor value, the one that is shared with an app if you choose “Allow app to track your activity across …”.

As you can see above, it was actually set to 000000-0000… because I “Asked app not to track”.
I checked this by manually disabling and enabling tracking option for the Stack app and comparing requests in both cases.

And that’s the only difference between allowing and disallowing tracking

I understand there might be nothing shocking to you in it - this is not really kept secret, you can go and check the docs for Apple developers, for example.

But I believe this is not communicated correctly to the end users, you and me, in any adequate way, shape or form: the free apps you install and use collect your precise location with timestamp and send it to some 3rd-party companies.

The only thing that stops anyone with access to bid data (yet another ad buying agent, or ad exchange, or a dataset bought or rented from data broker, as you’ll see later) from tracking you down with all trips you make daily is this IDFA that is not shared when you disallow apps to “track you across apps” to “enhance and personalise your ads experience”.

By the way: if you’re using 10 apps from the same vendor (Playrix, KetchApp or another 1000-app company) and allow a single app to track you – it would mean that the data collected in all 10 apps will be enriched with your IDFA which can later be exchanged to your personal data.

tldr:

2 Likes

Frankly, I’m not surprised that some apps track location even when deactivated.
Normally on GOS we don’t have this kind of problem, do we agree?

1 Like

There isn’t any software (OS) solution to pervasive tracking, especially the kind hinted at in TFA. Anyone who sells you otherwise is either lying or an iOS fanboi apologist.[1]

For instance, it is possible to triangulate (with some precision) any client by pinging its public IP address from various locations (this is how orgs like ipinfo.net build their geolocation databases). This can be mitigated by using a VPN / Mixnet / Relay, but then banking & payment apps may refuse to work (sharing of data from which, per discussion on TFA on Hacker News, is a huge unchecked invasion of privacy).


  1. Going by their past threads on Mastodon & elsewhere, GrapheneOS’ developers come off as no gimmick & earnest about the limits & capabilities of the software they build. ↩︎

1 Like