According to a new report, many iOS apps continue to sell location data to brokers despite Apple’s privacy policies and crackdowns. Without legislation curbing the location data trade, Apple and Google have become de facto regulators aiming to keep users’ location data private. But, their moves have been insufficient.
Location data brokers are collecting users’ whereabouts using a workaround that bypasses Apple’s privacy policies
Apple and Goole have previously cracked down on data brokers that market software development kits (SDKs) to app developers. SDKs are used to add features to an app without building them for stretch and these SDKs specifically were designed to and user location data to brokers.
According to a new report The Markup, Apple and Google’s moves to police the location data industry have been inadequate. Experts and location data industry workers told the publication that there are a ton of loopholes in the tech giants’ policies that allow location data to be collected, even without the use of SDKs.
“The challenge, and this is a challenge with data brokers in general, is that you’re playing whack-a-mole, where these companies have many different vectors through which they get people’s sensitive information,” Justin Sherman, a cyber policy fellow at the Duke Technology Policy Lab, said.
Apple’s policy requires developers to disclose what data they are collecting from users and to get consent from users before sharing their data. However, it does not require developers to disclose to whom they are selling that data. Google’s policy states that developers cannot sell personal and sensitive user data, which includes device location. However, these policies are not easy to audit.
The piece notes that there is a financial incentive for popular apps to bypass Apple and Google’s privacy policies.
In an email sent to an app developer and reviewed by The Markup, Veraset, a location data broker that is a subset of the company SafeGraph, pitched that the developer could “send data to Veraset server-to-server (no need to install or maintain an SDK).” The pitch also noted that apps can make from $12,000 to $1 million a year for sending their users’ location data to the company.
In conclusion, there is no way Apple and Google can police this practice and only government regulation can prevent it from happening, according to experts.