Privacy

Location Data Privacy

Location Data Privacy

Accurate information on population movement has become a marketable commodity and this has encouraged some shady practices amongst mobile app developers

Location information is in the form of GPS co-ordinates. The most accurate readings come from GPS chips within mobile devices. Location calculations from cellular towers are less so and from WiFi network access points even poorer. The best devices to collect this from are Android phones and tablets, ideally those with a built in GPS chip. IOS devices can collect similar information but the stricter controls of the IOS App Store compared to those set by Google to developers within Google Play make Android the preferred medium.

Location data is bought by government and industry for marketing and planning purposes. It will provide accurate details on the relative number of people at a location such as a shopping or sports complex at a given time. The data is supposed to be anonymised but could include details of the device used to harvest the data which might in turn be used to identify the individual sending it. The process cannot report exact numbers as not all individuals at any location will be in possession of a suitable transmitting device. The marketers hope to access a sufficiently large pool of running applications to collect enough data for their clients to deduce meaningful trends.

Some applications rely on location information to function at their best. When looking for a nearby cafe or retail outlet, checking the weather or when the next bus is due it is helpful if the device knows where the user is. Some Apps also collect location information when their core function has no need to do so. It is a conscious decision of the programmer to allow that App access to location data. There is additional development work required to harvest and interpret location data although the programmer will often re-use working routines from their past programs that solve a similar problem. The developer is looking to maximise income from their work. One example could be to provide location targeted adverts within the App to make advertising within the platform more attractive to sellers. The end user should be aware of the data collection process and receive an appropriate benefit; such as free use of the software. In the Google Store the permissions granted to every App can be seen before they are downloaded. This barcode scanning App has no functional need to access location data but it is free to install.

 

In the UK Huq have been selling mobile location data to clients including many local councils. The data is harvested through a software plug-in that is provided to Android developers. The Developer will include the Huq code within their application and this will forward location data to Huq. It does require that the application has access to the user’s location, this is a built in Android feature that the developer must choose to allow when their code is being written. In turn the user will be prompted to allow or deny location access when the App is first run. The user should also be able to disable location access within the App settings. A report from Motherboard in October 2021 indicates that location data has been passed to Huq from enabled Apps even when the user has opted out of sending it. An under the hood study by Joel Reardon revealed exactly what data the Huq implementing QR & Barcode Scanner App was collecting. The application was building up a files of 10 events and then sending these to the Huq server. Each event included the time, location, SSID of any WiFi networks and a unique ID identifying the sending device: All while the application was running as a background App. The user was offered the option to turn off data collection but this did not impact on the continuing communication with Huq.

It is relatively easy to minimise the impact of location collecting Apps even where this is essential for them to perform their core function. The blanket solution is to turn off a phone when not required.  A less severe approach is to set to ‘Airplane Mode’; a GPS chip would still be active but no App can communicate with a remote system.  A tracking App may still be collecting location data for transmission when a connection is available.  The ‘location services’ setting needs to be disabled to prevent this.  A simple and workable solution is to ensure that Apps that are not required are not running. Closing an App on IOS or Android will not usually remove them from memory. An App that is designed to harvest and post location data will almost certainly be running and gathering data in the background. The operating system sees this as an advantage as the user can quickly open and switch between ‘popular’ applications. As many of the worst offending data gathering Apps are likely to be non-essential ‘utilities’ which do not need to be always-on the best solution on Android is to ‘Force Stop’ Apps that are not required. As Android versions evolve their memory management has improved; upgrading to the latest version that your device will support will make this process easier and possibly allow Android to shut down the culprits automatically.

Leave a comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.