The New York Times recently dissected the smartphone of a consumer to determine just how much data on her movements was available and which of the many apps were doing the collecting.

And collect they did.

Over a four-month period her location was recorded over 8,600 times, which averaged out to about once every 21 minutes.

Apps collect, aggregate and sell user data

It has long been said that if you are using a service for free, then you are the commodity. This statement is true with respect to apps on your devices. The commoditizing of your information or actions isn’t limited to those apps which are free of cost, however. Many apps for services you pay for also share your information.

Much to the surprise of the user in the Times piece, the Weight Watchers app tracked her visits to the gym and to Weight Watchers. This was not just “checking in” type data, but rather the entire route. And Weight Watchers wasn’t alone. The Times identified 75 companies which were receiving such data. One company (not further identified) had gathered info from 200 million mobile devices, and the information gleaned “reveals people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day.”

Yes, Your Phone is Spying On You

Just about a year ago the Pentagon cautioned against fitness tracking devices, noting that the information collected by these devices posed a counterintelligence and OPSEC (operational security) risk in certain environments. Shortly thereafter, the Indian Intelligence Bureau sent a missive to the Indian military that identified 40 apps that were also a counterintelligence and OPSEC threat. The apps were sending the user’s information to China.

As the Times’ piece details, the collection and dissemination of your data, which may include your actions both physical and virtual, hasn’t slowed down. The annual DEF CON, where data security practitioners, researchers and hackers gather, opened many eyes. For example, researchers from Sudo Security highlighted how 24 Apple iOS applications pushed user data to third parties. Their research showed, unsurprisingly, that one of those third parties was a data mining service connected to apps from media companies like Sinclair, Fox, Nexstar Media, and Tribune Broadcasting.

An advertising service listing many consumer and retail brands, InMarket, projects ads to users when “it matters most – as they enter the store.” In order to do this, one must have the location data being fed from your device to their ad delivery system in near real time.

Have an app on your smartphone?

Mosey on over to AppCensus, an “international collaboration of researchers,” and see what the “Privacy Analysis” is on that app; they have tested over 77,000 apps.

Want to stop location monitoring by apps?

Turn off “location sharing” on your phone at the device level under settings.

Remember: information that shares where you and your device are also tells the analyst of that information where you aren’t. Depending on circumstances, either may be a counterintelligence or OPSEC risk.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).