Earlier this week, Bernie Sanders told The New York Times that he had no apps on his smartphone, citing a semi-anonymous but militant cybersecurity staffer named “Melissa” who keeps him safe. There’s fresh evidence this week that we should all listen to Melissa.
Two separate studies have found that seemingly harmless beauty and dating apps are repeatedly violating users’ privacy, sharing intimate details of their lives — including granular location data — with a vast network of commercial firms looking to exploit it.
As I’ve mentioned in our So, Bob podcast “No Place to Hide,” the privacy-violating arena exists because of a “big fish eat little fish” ecosystem. The big money for surveillance capitalism — AdTech — wouldn’t exist if large companies didn’t support it. Here, you’ll see how it works.
The first report, published by a Norweigian government consumer agency, alleges that the makers of Grindr, Tinder, OkCupid, and several other similar apps packages up user data and sells it to third-party advertisers without user consent or knowledge, a violation of European privacy laws. The report, titled Out of Control, claims “a large number of shadowy entities that are virtually unknown to consumers are receiving personal data about our interests, habits, and behavior.” The 10 apps studied sent data to at least 135 companies, the report found.
For example: “The dating app Grindr shared detailed user data with a large number of third parties that are involved in advertising and profiling. This data included IP address, Advertising ID, GPS location, age, and gender,” the report says. “Twitter’s adtech subsidiary MoPub was used as a mediator for much of this data sharing, and was observed passing personal data to a number of other advertising third parties including the major adtech companies AppNexus and OpenX. Many of these third parties reserve the right to share the data they collect with a very large number of partners.”
The report also studied a makeup app named Perfect360, accusing it of sharing GPS and other data with at least 70 partners.
A separate study, published by a new Lithuanian-based security news site named Cybernews.com, focused entirely on makeup and selfie enhancement apps and found similarly troubling results.
The so-called beauty app category is immensely popular, especially with young women and girls — individual apps boast of as many as 300 million downloads. Cybernews found many of the apps request permissions they don’t need to perform the simple task of fine-tuning selfies. Among the findings, according to Cybernews:
● Three seemingly separate developers seem to be run by the same group, and may be connected to apps previously found to contain a widely-dispersed Trojan
● One app developer was found to install malware through its software
● Unnecessary permissions include recording audio, using GPS, and seeing users’ phone statuses
● While only a few permissions are required for the app function, one app includes a whopping 40 total permissions
● More than half (16) of these apps are based in Hong Kong or China
In other words, Chinese app developers know an awful lot about the whereabouts of many teen-age Western girls.
“So why does a beauty and filter camera app needs to record audio, track your GPS location, or read through your contacts list? The apps may be free, but they are selling your data and the more they know about you, the more valuable your details become,” the report says. It sites a Buzzfeed article claiming that app makers can earn $4 a month for every 1,000 app users from tracking companies looking for location data. “If they have 1 million active users, they can get $4,000 a month.”
U.S. consumer groups reacted strongly to the report out of Norway; a coalition of nine urged the Federal Trade Commission to open an investigation on Monday.
“The illuminating report by our EU ally the Norwegian Consumer Council highlights just how impossible it is for consumers to have any meaningful control over how apps and advertising technology players track and profile them,” said Susan Grant, Director of Consumer Protection and Privacy, Consumer Federation of America. “That’s why Consumer Action is pressing for comprehensive U.S. federal privacy legislation and subsequent strong enforcement efforts. Enough is enough already! Congress must protect us from ever-encroaching privacy intrusions.”
The coalition also asked attorneys general in California, Texas, and Oregon to investigate.