A new data breach has just been publicized. And it’s not good news for iPhone and Android users of popular smartphone apps ranging from Candy Crush to MyFitnessPal.
Precise Data Location Hacked
The breach affected Gravy Analytics, a location data company that captures location information from millions of users around the world who use a wide variety of well-known apps. It was first reported by 404 Media.
TechCrunch explains how that information is used in an auction to determine who gets to deliver an ad to your device:
During that near-instant auction, all of the bidding advertisers can see some information about your device, such as the maker and model type, its IP addresses (which can be used to infer a person’s approximate location), and, in some cases, more precise location data if granted by the app user, along with other technical factors that help determine which ad a user will be displayed.
It’s unknown exactly how large the breach is and how many user locations have been leaked.
Some Good News for iPhone and Android Users
While the breach seems to be substantial, there are ways to protect yourself on an iPhone or Android device now.
On an iPhone, when opening a newly downloaded app for the first time, some apps present a dialog box requesting to track your activity. If you’ve selected Ask App Not to Track, your location isn’t accessible to data brokers like Gravy Analytics.
To make sure iPhone apps can’t track you, head to Settings > Privacy & Security > Tracking. Make sure to toggle off Allow Apps to Request to Track. That will automatically deny all app tracking requests.
On Android, try going to Privacy > Ads. See if you can delete your advertising ID.
Online advertising is everywhere. There are a number of good ways to avoid targeted ads while shopping from your desktop.
