How An iPhone App Can See Your Location Without Asking

Lately, there have been some serious privacy concerns about how apps are tracking user’s location and personal information. The Wall Street Journal performed a survey of multiple, various applications on both Android and iOS and discovered that many apps are sending information (like the device’s location) without explicit permission from the user.

In particular, an app called “Pumpkin Maker” traced the general location of a device without requesting any type of permission from its user. The Journal contacted the app’s develepor and gained some valuable knowledge on how, and why, the stealthy tracking of app users is taking place…

Pumpkin Maker is a free app that that allows you to virtually carve pumpkins and share them with friends. Sounds pretty harmless right? When the Journal conducted their survey of random, stealthy app behavior they found that Pumpkin Maker was sending the user’s location and general demographic information to an ad agency without any notice. The Journal says that,

“The app’s maker, Anthony Campiti, says he inserted a software “kit” from an advertising network, Greystripe Inc. That’s a common practice among app makers, who use these ready-made kits to place ads and generate revenue. Some apps use multiple kits; one of the 101 iPhone and Android apps tested by the Journal sent information to eight ad networks.”

These “kits” seem to be the main culprit in this privacy issue. In this instance, Greystripe Inc. tracked a phone by identifying its internet address. That’s a common practice among websites, but not so much with mobile devices. Most apps use Wi-Fi or GPS to determine a device’s location.

The Journal reports,

“Greystripe’s method wasn’t particularly precise. The app reported latitude and longitude coordinates about three miles from the Denver office of the Journal’s contractor. Other apps tested by the Journal located a phone within 25 feet.

Mr. Chang (Greystipe’s Chief Executive) says Greystripe’s method does not violate Apple’s rules because it doesn’t use the GPS system or other location information from the phone itself.”

It seems that this loophole is the reason that some apps don’t necessarily have to let the user in on the information that they’re sending to third parties. The Journal’s findings varied. Some apps only sent very general information, such as the city the device was in, while some got as exact as a 25 foot radius.

In the case of Pumpkin Maker, the app’s develepor pleaded ignorance to the Journal,

“Mr. Campiti, Pumpkin Maker’s developer, says he wasn’t aware of Apple’s policy requiring user permission for tapping the phone’s location “because we don’t do that.” Mr. Campiti says Greystripe’s technique is acceptable because “they need to be able to do that to effectively advertise.”

Hopefully, more light will continue to be shed on how apps are managing our personal data. Interestingly enough, Apple declined to comment on this issue when asked by the Journal.

Right now, the most important thing you can do is pay attention to the information that apps are requesting from you.

You can always go to your iPhone’s Settings > General > Location Services and manage what apps are allowed to know your GPS location. You can even turn Location Services off entirely.

What do you think about this issue? While it is true that a whole market makes its money off knowing as much about you as possible, where does the line need to be drawn?

[via The Wall Street Journal]