NEW YORK (NYTIMES) – The millions of dots on the map trace highways, side streets and bike trails – each one following the path of an anonymous cellphone user.
One path tracks someone from a home outside Newark, New Jersey, to a nearby Planned Parenthood. Another represents a person who travels with New York’s mayor during the day and returns to Long Island at night.
Yet another leaves a house in upstate New York at 7 am and travels to a middle school 14 miles away, staying until late afternoon each school day. Only one person makes that trip: Lisa Magrin, 46, a math teacher. Her smartphone goes with her.
An app on the device gathered her location information, which was then sold without her knowledge. It recorded her whereabouts as often as every two seconds, according to a database of more than 1 million phones in the New York area that was reviewed by The New York Times.
While Magrin’s identity was not disclosed in those records, The Times was able to easily connect her to that dot.
The app tracked her as she went to a Weight Watchers meeting and to her dermatologist’s office. It followed her hiking and staying at her ex-boyfriend’s home, information she found disturbing.
“It’s the thought of people finding out those intimate details that you don’t want people to know,” said Magrin, who allowed The Times to review her location data.
Like many consumers, Magrin knew apps could track people’s movements. But as smartphones have become ubiquitous and technology more accurate, an industry of snooping on people’s daily habits has spread and grown more intrusive.
At least 75 companies receive anonymous, precise location data from apps whose users enable location services to get local news and weather or other information, The Times found. The database reviewed by The Times – a sample of information gathered in 2017 and held by one company – reveals people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day.
These companies sell, use or analyse the data to cater to advertisers, retail outlets and even hedge funds. It is a hot market, with sales of location-targeted advertising reaching an estimated US$21 billion this year. IBM has gotten into the industry, with its purchase of the Weather Channel’s apps.
Businesses say their interest is in the patterns, not the identities, that the data reveals about consumers. They note that the information apps collect is tied not to someone’s name or phone number but to a unique ID.
But those with access to the raw data – including employees or clients – could still identify a person without consent. They could follow someone they knew, by pinpointing a phone that regularly spent time at that person’s home address. Or, working in reverse, they could attach a name to an anonymous dot, by seeing where the device spent nights and using public records to figure out who lived there.
After Elise Lee, a nurse in Manhattan, saw that her device had been tracked to the main operating room at the hospital where she works, she expressed concern about her privacy and that of her patients.
“It’s very scary,” said Lee, who allowed The Times to examine her location history in the data set it reviewed.
Retailers look to tracking companies to tell them about their own customers and their competitors’. For a web seminar last year, Elina Greenstein, an executive at the location company GroundTruth, mapped out the path of a hypothetical consumer from home to work to show potential clients how tracking could reveal a person’s preferences.
“We look to understand who a person is, based on where they’ve been and where they’re going, in order to influence what they’re going to do next,” Greenstein said.
Health care facilities are among the more enticing but troubling areas for tracking, as Lee’s reaction demonstrated. Tell All Digital, a Long Island advertising firm that is a client of a location company, says it runs ad campaigns for personal injury lawyers targeting people anonymously in emergency rooms.
To evaluate location-sharing practices, The Times tested 20 apps, most of which had been flagged by researchers and industry insiders as potentially sharing the data. Together, 17 of the apps sent exact latitude and longitude to about 70 businesses. Precise location data from one app, WeatherBug on iOS, was received by 40 companies.
When contacted by The Times, some of the companies that received that data described it as “unsolicited” or “inappropriate.”
A Question of Awareness
Companies that use location data say people agree to share their information in exchange for customized services, rewards and discounts. Magrin, the teacher, noted that she liked that tracking technology let her record her jogging routes.
Brian Wong, chief executive of Kiip, a mobile ad firm that has also sold anonymous data from some of the apps it works with, says users give apps permission to use and share their data.
“You are receiving these services for free because advertisers are helping monetise and pay for it,” he said, adding, “You would have to be pretty oblivious if you are not aware that this is going on.”
But Lee, the nurse, had a different view. “I guess that’s what they have to tell themselves,” she said of the companies. “But come on.”
Lee had given apps on her iPhone access to her location only for certain purposes and only if they did not indicate that the information would be used for anything else, she said. Magrin had allowed about a dozen apps on her Android phone access to her whereabouts for services like traffic notifications.
But it is easy to share information without realising it. Of the 17 apps The Times saw sending precise location data, just three on iOS and one on Android told users in a prompt during the permission process that the information could be used for advertising.
Following the Money
Apps form the backbone of this new location data economy.
The app developers can make money by directly selling their data, or by sharing it for location-based ads, which command a premium. Location data companies pay half a cent to 2 cents per user per month, according to offer letters to app makers reviewed by The Times.
Google and Facebook, which dominate the mobile ad market, also lead in location-based advertising. Both companies collect the data from their own apps. They say they do not sell it but keep it for themselves to personalise their services, sell targeted ads across the internet and track whether the ads lead to sales at brick-and-mortar stores.
Apple and Google have a financial interest in keeping developers happy, but both have taken steps to limit location data collection. In the most recent version of Android, apps that are not in use can collect locations “a few times an hour”, instead of continuously.
Apple has been stricter, for example requiring apps to justify collecting location details in pop-up messages. But Apple’s instructions for writing these pop-ups do not mention advertising or data sale.
Apple recently shelved plans that industry insiders say would have significantly curtailed location collection. Last year, the company said an upcoming version of iOS would show a blue bar on screen whenever an app not in use was gaining access to location data.
The discussion served as a “warning shot” to people in the location industry, David Shim, chief executive of the location company Placed, said at an industry event last year.
Source: Read Full Article