Joseph Cox (tweet):
A threat information company called HYAS, a private company that tries to prevent or investigate hacks against its customers, buys location data harvested from common apps installed on people’s phones around the world, and uses it to detect hackers. The company is a business, not a law enforcement agency, and claims to be able to track people to the “doorstep”.
The news highlights the complex supply chain and location data sales, traveling from apps that users in some cases are unaware that the software is selling their location, through to data brokers, and finally to end customers using the data itself. The news also shows that while some location companies repeatedly assure the public that their data is focused on a high level, aggregate, pseudonymous tracking of groups of people, some companies buy and use location data from a largely unregulated market explicitly for the purpose of identifying specific individuals .
A Chinese computer company boasts that it has its SDK of 1.36 billion units per month, and has quietly collected location data, device ID and other apps on the device without permission, researchers found.[…]
Apple and Google should inject targeted data into phones running all of these apps, and when they show up for sale, they should disrupt developers off track.
I find it so strange that Apple and Google justify their in-store monopoly with “privacy and security”, but practices like this are endemic to their stores.
Stay up to date by subscribing to the RSS feed for comments for this post.