Don’t Trust Android
In late August, a California resident sued Google, accusing it of illegally collecting information about the movements of citizens even when “location history” was turned off in the smartphone settings. Lean more google location history …
A week earlier, Associated Press journalists conducted an investigation, which confirmed that the corporation stores geolocation data even when prohibiting its users to share it. According to the agency, the problem affects about 2 billion Android devices and hundreds of millions of iPhone owners around the world.
On hot pursuit, Roskomnadzor sent a request to Google with a request to clarify the issue of storing information about the location of users without their consent.
Such incidents are not isolated. In spring 2018, Google was accused of collecting the history of site visits through the Safari browser from August 2011 to February 2012. A class action lawsuit was filed in the High Court of England and Wales. Nearly 4.4 million Britons were among the victims.
GOOGLE DENIES THE CHARGES AND INSISTS THAT USERS CAN DISABLE ACCESS TO LOCATION DATA. IN THIS CASE, THE DEVICE OWNER’S LOCATION COORDINATES WILL NOT BE SAVED
Such a statement by the corporation was disseminated by the media.
Last fall it was found that the Android devices during the year accumulated information about the location of users with regard to the cell towers. The data was collected even when the geolocation service was disabled. Google did not deny the incident, but said that the information was not stored and was never used.
In developing countries, low-cost smartphones are sold with pre-installed software that sends data to third-party servers. In particular, the Singtech P10 gadget sold in Myanmar and Cambodia collected geolocation data from devices and then sold it to the Taiwanese marketing company General Mobile (GMobi). Experts note that the GMobi app is pre-installed, and it’s difficult for the average person to figure out how to remove it.
Customize your audience
Global services make no secret of the fact that they have long been collecting data for further mailing of targeted ads to clients’ devices.
According to experts at Sovzond, geolocation analytics can provide a high level of detail in marketing by combining data on customer trends, psychological and demographic factors and even emotional sentiment analysis results.
The more modern a smartphone a person has, the more successfully mobile operators can capture geo-positioning, said Sergey Marin, representative of Beeline. According to him, geo-analytics is one of the obvious tasks of a telecom operator in the field of Big Data. The expert called customer information in demand for businesses and government agencies.
A year ago VympelCom (brand “Beeline”) was looking for a supplier of a system of higher accuracy to determine the geolocation of mobile devices in its network. The new solution would allow the company to receive geo-coordinates in automatic mode. The operator needs the information on movements to locate base stations more precisely and thus increase the efficiency of investments in the construction of infrastructure.
Recently, VimpelCom began to provide Big Data to Gazprom-Media Digital for targeting mobile video advertising. However, the operator stresses that it uses depersonalized personal data (PD).
However, the services can read not only the location, but also the duration of the visit to the site, sex, age, habits, and the user’s device type, etc., without being linked to the name. Thus, there is no need to talk about anonymity on the Web. “Everyone is identified, targeted, profiled, and advertising is targeted,” stated the head of Roskomnadzor Alexander Zharov in an interview.
“THE LEGISLATION SHOULD INTRODUCE A NEW CONCEPT – BIG USER DATA. THEY BECAME IDENTIFIERS OF PERSONALITY AND ARE TRADED FOR A LONG TIME”According to the head of the agency
It is planned that the revision and systematization of the industry regulator will take place in 2018, Zharov specified.
One of the effective methods of obtaining information about the geographical location of an Internet user is authorization data from social networks.
“VKontakte” launched targeting by exact location in 2016. The social network explained that the innovation will allow advertisers to attract customers by showing them ads near retail outlets. To determine the area of display, you need to set a radius (from 500 meters to 100 kilometers). Then, users who are in this area will see the ads.
Targeting tools offered by Facebook. Any company can “reach” people within a certain radius.
Social networks are also becoming involved in scandals involving user tracking. In May, Facebook was accused of collecting customers’ personal information, including geolocation information, through a mobile app. The lawsuit was filed in California court by Six4Three.
FACEBOOK IS INVESTIGATING ALL SERVICES THAT HAD ACCESS TO LARGE AMOUNTS OF PDSpeaking to the European Parliament, the head of the company, Mark Zuckerberg, said
It is worth noting that in May, the EU enacted the Data Protection Regulation (GDPR). The norms of the document also apply to social networks. The Regulation is designed to protect the data of all people in Europe. Russian users have recently been notified that they may also request information about the information they collect.
Communication platforms are really going public. Twitter already made information about ad customers transparent in June.
Turn off location
The location of a user’s device is determined using their current IP address. As a rule, mobile apps that collect any information ask for the appropriate permissions when registering.
Many smartphone services have this feature. For example, in the music Shazam, Dr.Web antivirus, the mobile version of “Alfa Insurance”, calculator, calendar and many others. Obviously, disabling geolocation will not prevent such applications from working correctly, while for others (e.g. Booking.com, Yandex.Maps) this restriction will prevent them from displaying meaningful information.
Geo-positioning is necessary for the accuracy of processing user requests. Then search engines save time and give relevant answers based on the subscriber’s location. Thus, when requesting “how much is an apartment”, the sites with ads for real estate in the “bound” city are loaded first. The designated location helps determine where the nearest cafes, restaurants, theaters, fitness centers, etc. are located.
KASPERSKY LAB EXPERTS (LC) HAVE INCLUDED “LOCATION” APP PERMISSIONS IN THE LIST OF DANGEROUS
This access allows the program to monitor all the movements of the user. It can be used by crooks, for example, to find out if a person has gone on vacation and rob his home.
LC analysts also found out that many popular online dating services make available citizens’ GPS coordinates using unsecured HTTP (HyperText Transfer Protocol) protocols. On Wi-Fi networks, unencrypted data can be intercepted, they claim.
Information sent over HTTP can also be altered. With a fake link, an attacker can easily get a user to install malware.
63% of applications use HTTPS (HyperText Transfer Protocol Secure), but most also use HTTP.
ALMOST 90% OF APPLICATIONS USE UNSECURED PROTOCOLS, AND MANY OF THEM SEND SENSITIVE DATA IN UNENCRYPTED FORM
Kaspersky Lab’s research from January 2018 reveals this.
Geolocation tools contain vulnerabilities that allow hackers to expose the data of owners of millions of devices. Researchers Vangelis Stykas and Michael Gruhn called such massive “holes” Trackmageddon.
They found them this year in hundreds of services installed on GPS-enabled devices, such as child and pet trackers.
One of their vendors, ThinkRace, according to the researchers, may have been the developer and seller of software licenses containing the vulnerability.
Users can protect their privacy by knowing simple rules. The first thing to do is to check app permissions and not give them access to location data. Especially, as mentioned earlier, most services do not need it.
It is also not recommended to install any programs from untrusted sources.
THE LIST OF ISSUED PERMISSIONS CAN ALWAYS BE CHECKED AND CHANGED IN THE SETTINGS OF THE OPERATING SYSTEM
How to properly disable geolocation and manage location settings, tell Yandex and Microsoft.
To achieve complete anonymity, you can hide your real IP address. It is believed that when using a VPN (Virtual Private Network), network traffic is encrypted and reliably protected. But private networks also have incidents. In late August 2018, VPN client Onavo Protect violated data collection rules. Upon Apple’s complaint, the service was removed from the App Store. Curiously, the app belonged to Facebook.
Experts advise enabling “incognito” mode in the browser, which allows users to keep requests and visits secret. And they recommend installing Yandex.Metrika or Google Analytics blockers. They prevent cookies from being placed on the visitor’s computer and limit the collection of web statistics.