Your Smartphone Apps Are Filled With Trackers You Know Nothing About
ost of us understand by now that we’re being followed across the web. But how much do we know about how the smartphone apps we use track our every move? Thanks to tiny pieces of code that millions of developers use to make their lives easier, an array of companies gets free access to data they can employ to understand your habits. The process is invisible, and it’s worse news for you than you might think.
When we browse the web through Google Chrome, for example, a dizzying array of companies follow us. Such is the Wild West of our modern web, but you still remain in control of which sites you visit and which social networks you log into.
The shift to native apps changes this equation, however. Suddenly you’re no longer in full control of what’s loaded, nor of who is tracking you, and you must trust app developers to do the right thing.
All of this should make you skeptical of marketing like Apple’s recent “privacy matters” campaign.
On mobile, tracking is generally performed through the use of a “software development kit” or SDK—a set of tools that helps app developers get something done faster. Many SDKs help developers debug their code or hook into useful services, but others help advertisers and marketing companies peer into your private life. Take the iHeartRadio app for example: Last fall, Medium reported that it contained code from Cuebiq’s SDK, which would permit user data to be sold for the purposes of ad tracking.
All of this should make you skeptical of marketing like Apple’s recent “privacy matters” campaign. While the company offers tools within Safari to block trackers on the web, it doesn’t offer any control over trackers embedded in apps that are distributed through the iOS App Store. Most people use the Google Chrome browser anyway, and it has even fewer privacy protections baked in. (Apple does ask developers to “respect user preferences for how data is used,” but good luck with that.)
SDKs present a solution to Apple’s pesky tracking restriction for advertisers. They can connect who you are between apps, provided the developer of each app uses the same SDK and the advertiser is able to use signals to figure out who you are. If we look at the top 200 apps on the iOS App Store, it’s interesting to see how broad the reach of most SDKs actually is.
The top 10 most commonly used SDK libraries in the top iOS apps, as reported by analytics firm Mighty Signal, are largely provided by Facebook (three out of 10) and Google (four out of 10). Google’s AdMob tools, for example, helps developers show advertising and track their users, and it’s integrated into 78% of the top apps on iOS—everything from the Holy Bible to LinkedIn. Facebook’s “Core Kit,” which provides access to the social platform’s features, is integrated into 61% of top apps. The list goes on.
Both of these SDKs allow Facebook and Google to track users beyond their desktop web browsers and automatically collect information like when you installed the app, each time you opened it, and what you purchased.
Tracking in SDKs is clearly part of the modern App Store ecosystem, and it goes far beyond the big corporate names. There are a dizzying array of companies you’ve never heard of invisibly tracking your habits in apps you use every day. Networks like Vungle, Apps Flyer, and Applovin all call themselves “advertising and analytics” platforms. They help developers monetize their apps, and all of them track data to sell to other partners behind the scenes as well.
This often overflows into our daily lives in weird ways. The technology podcast Reply All recently dug into mysterious automated robocalls, which were somehow matching the area code of producer Damiano Marchetti, even adjusting to different locations as he traveled. How could such robocallers know where you physically are?
After digging into all of Damiano’s apps, Reply All made a discovery: He had downloaded a game called Mobile Legends: Bang Bang, which reported the phone’s location and IMEI (a unique identifier) to a bunch of analytics companies, which then sold that data, eventually leading to robocallers purchasing it…….Read more>>