Are You Paying to Spy on Yourself?

Geoffrey A. Fowler of the Washington Post recently engaged a data expert to track everything going on behind the scenes with his iPhone. What he found was surprising since Apple touts itself as a company that doesn’t invade user privacy. The various apps on his phone were routinely handing out his personal data on a scale that shocked him.

Fowler’s information was being gathered by trackers. This is software built directly into apps and is different than ad tracking cookies that we pick up from web sites. App makers deliberately build trackers into apps and a user can’t get rid of them without getting rid of the app.

Most apps on his phone had these trackers. That included sites like Microsoft OneDrive, Intuit’s Mint, Nike, Spotify, The Washington Post, and the Weather Channel. Some apps came with numerous trackers. He had a food delivery service called DashDoor that included nine separate trackers. Third parties must be paying to share app space because the DashDoor app included trackers for Facebook and Google – those two companies know every time that app is used to order food.

Almost none of these apps disclosed the nature of what they were tracking. When first loaded, most apps ask for somewhat generic permission to track user certain data but don’t disclose the frequency and the extent to which they will gather data from a user.

This issue has relevance beyond privacy concerns because the apps on Fowler’s phone could collectively use as much as 1.5 gigabytes of data per month on his phone. Industry statistics show that the fastest-growing segment of Internet traffic is machine-to-machine communication, and these app trackers make a significant contribution to that traffic. Put bluntly, a lot of machine-to-machine traffic is either being used to back up files or to spy on us.

This has to be concerning to people who are still on measured cellular data plans. This unintended usage can cost real money and a user can end up paying to have trackers spy on them. Our cellphones are generating broadband usage without our knowledge, and mostly without our explicit permission. I’ve had months where I’ve barely roamed with my cellphone and still have seen more than a gigabyte of usage – I now understand where it’s probably coming from.

PCs and tablets have the same problems, with the data tracking coming more from marketing cookies that are loaded when we visit web sites. I scrub these cookies from my computer routinely. My desktop is only used for work and I still find 40 – 100 cookies every week. One of my blogs last year mentioned a guy who had gone on vacation for a month and was shocked when he returned and discovered that his home network had used several gigabytes of data in his absence.

There are ways to block the trackers on your phone, but this mostly involves deleting apps or turning off permission in your privacy setting, and that largely means the apps won’t work. You can also take steps to disguise your data by passing everything through a VPN, but that doesn’t stop the data from being transmitted.

The phone manufacturers are complicit in this tracking. I just got a new Samsung Galaxy and my new phone came with over 300 apps – most for services I don’t use like Facebook, Spotify, and ton of others. These various companies must have paid Samsung (or perhaps AT&T) to include their apps and their trackers. I’ll be spending a few days deleting or disabling most of these apps. I find it creepy that Facebook follows me even though I stopped using the site several years ago. And unlike when I download a new app, I didn’t have the opportunity to allow or deny permission to the many apps on my new phone – I assume AT&T gave that permission.

It might be a generational thing, but it bothers me to have companies reaping my personal data without my permission, without disclosing what they are gathering, and how they are using it. I know young people who are not bothered by tracking and assume that this is just a part of being connected.

The other big concern is that the tracking apps are contributing to the capacity problems on cellular network. I just saw last week that the average US cellphone now uses about 6 GB of data per month. If trackers are pushing out even half a gigabyte per month in usage that is a significant contributor to swamped cellular networks. Cellphone companies are working furiously to keep ahead of the demand and it must be maddening to cellular network engineers to know that 15% – 20% of network usage is being created behind the scenes with app trackers and not from actions taken by users.

In an ideal world, this is something regulators would be investigating to establish rules. Apps like DashDoor shouldn’t be allowed to install a Facebook tracker on your phone without asking for specific and explicit permission. All trackers should have to disclose the exact information they gather about a user and the frequency of that tracking. Unfortunately, this FCC has walked away from any regulatory role in this area. Congress could address the issue – something that European regulators are considering – but this doesn’t seem to be high on anybody’s radar.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s