Some of the world’s most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law enforcement.
The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush and dating apps like Tinder to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem—not code developed by the app creators themselves—this data collection is likely happening without users’ or even app developers’ knowledge.
“For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising ‘bid stream,’” rather than code embedded into the apps themselves, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and who has followed the location data industry closely, tells 404 Media after reviewing some of the data.
This makes me wonder if ad blockers, Pi-holes, and DNS blocking are going further to protect people than some of us thought. It’s interesting to me because while I don’t use most of the apps on this list, I do occasionally browse Tumblr (my sister sends me links from there frequently enough).
https://pxlnv.com/linklog/gravy-analytics-leaked/ The 404 Media article is for paid members only, and Wired is also asking for money to view this article (for me).
Edit: I found a list of apps that are related to Gravy Analytics, and it totals just over 12 thousand apps. Lots of them are freeware BS, but the fact that any of them are mainstream is ridiculous.