Phone location data goes to the highest bidder in a $12 billion market

The next time an app asks to use your location data at all times, you may want to decline: it turns out a $12 billion market is built on selling location data to the highest bidder, reports The Next Web.

Numerous data mining companies aggregate location data together with other identifiers anonymously and then sell it to entities that need it, from retail foot traffic analysts to military contractors that ping prayer apps to locate targets.

Ideally, apps should only have access to your location when absolutely unavoidable, as with navigation apps like Google Maps, and only when the app is running. Even then, "apps can circumvent the permission model and gain access to protected data without user consent by using both covert and side channels," notes Serge Egelman, a researcher at UC Berkeley's International Computer Science Institute and CTO of AppCensus.

On top of that, as per Yiannis Tsiounis, CEO of Advan Research that deals in location analytics:


We couldn't agree more, and yet the location analytics horse is out of the barn: Big Data companies like Oracle or Amazon trade in such services, which makes it even harder to scrutinize and regulate. Most location data is, of course, used for legitimate business consultancy and ad targeting purposes, as per Mr Tsiounis again:

Other times, however, the location data can be used for tracking military personnel or people based on their political beliefs to gauge attendance at rallies and so on. 

According to Justin Sherman, a cyber policy fellow at Duke University’s Technology Policy Lab "there is virtually nothing in U.S. law preventing an American company from selling data on two million service members, let’s say, to some Russian company that’s just a front for the Russian government." His research on one of the top location data brokers brought back a number of unsavory findings:

  • All 10 surveyed data brokers openly and explicitly advertise data on millions of U.S. individuals, oftentimes advertising thousands or tens of thousands of sub-attributes on each of those individuals, ranging from demographic information to personal activities and life preferences (e.g., politics, travel, banking, healthcare, consumer goods and services)
  • People-search websites aggregate public records on individuals and make it possible for anyone to search for major activist figures, senior military personnel, and other individuals - uncovering home address, phone number, and other information as well as the names of known family members and relatives
  • Oracle has a data partner that openly and explicitly advertises data on U.S. individuals’ interest in political organizations, figures, and causes, including but not limited to data on those who support the National Association for the Advancement of Colored People (NAACP), Planned Parenthood, the American Civil Liberties Union (ACLU), and the National LGBTQ Task Force
  • Oracle, Epsilon, and other data brokers openly and explicitly advertise data sharing platforms to which anywhere from dozens to thousands of companies contribute data on individuals
  • Multiple data brokers advertise the ability to locate individuals, ranging from the use of driver license records and other aggregated data to pinpointing phone geolocations
  • Three major U.S. data brokers, Acxiom, LexisNexis, and Nielsen, openly and explicitly advertise data on current or former U.S. military personnel; LexisNexis advertises a capability to search an individual and identify whether they are active-duty military; and other brokers likely sweep up military personnel in their larger data sets.

There you have it: despite Apple and Google's major efforts in policing their app stores and booting shady personal data brokers masquerading as legitimate apps, there is still a lot of work to be done to follow through.

Once unsavory apps are gone from the official app stores, they sometimes crawl back in via their SDKs, and this cat-and-mouse game can only be avoided with tighter personal data privacy regulations akin to what Europe is doing, even if not perfect.
