Chronic reveals popular iOS apps steal location data

Some popular apps from the App Store track the location of users and sell it to advertising companies. Here’s how you can stop it and keep your device safe.

App Store apps collect and exfiltrate your location, Wifi 

iOS is considered the most secure mobile operating system on the planet. However, it may not be as secure as you imagine. Former Chronic Dev Team member Will Strafach aka Chronic has uncovered dozens of apps that sell user data.

These apps are available on the App Store, despite Apple’s strict privacy policy. This data is collected by data companies and then sold to advertisers.

Apple removed apps that forward your location unsolicited, but according to this research it still happens on a large scale.

Strafach claims that popular apps like ASKfm and C25K® 5K Trainer track one or more of the following data points –

  • GPS latitude and longitude
  • Data from Bluetooth LE beacons
  • Wi-Fi SSID (network name) and BSSID (network MAC address)

In addition, some apps also exfiltrate the following user data –

  • Accelerometer data
  • Advertising Identifier
  • Battery percentage and status
  • Mobile network data
  • GPS altitude/speed
  • Time of arrival and departure at a certain location

How can apps access location data?

In iOS, you have the choice to grant apps access to your location. However, there are apps that must access location, such as a weather app where you can see how the weather is at your current location.

This also applies to fitness apps – you are able to track your running route, while the data is actually used for fingerprinting.

jailbreak

According to Chronic, many apps do not explicitly mention that they share data with third parties. While you think that the developer only uses that location to provide the correct weather information, your data is sold off pff to data monetization firms.

Chronic also discovered twelve location-based data firms, including RevealMobile and Sense 360. Their code is used in thousands of apps to exfiltrate user data to the third-party servers.

How to disable data sharing with third-party apps

Limit Ad tracking

To stop sharing data with apps, tap Don’t allow as soon as you get the appropriate notification. You can also enable this option in Privacy > Advertising > Limit Ad tracking from the Settings app.

The advertisements that you will see from now on will not be tailored to your personal preferences.

Disable Location services

You should enable location services from Settings only for those apps that genuinely need it. Also, make sure that an app can only know your location if you use the app actively, not at other times.

(Source – GuardianApp)

2 Comments

  1. Domo September 8, 2018
    • Gian September 9, 2018

Leave a Reply