Netzpolitik.org, along with BR and other editorial teams, obtained and examined a data set from a data broker: a snapshot containing 380 million location data from 137 countries, distributed by approximately 40,000 different apps to the data broker. The dataset was intended to serve as an advertisement for a monthly subscription with daily updated data.
Advertisement
Last week, a data leak at US data broker Gravy Analytics revealed that at least 15,000 apps were collecting location data, some of which was accurate, and sending it to the company’s servers. The reasons for burglary, which are now accepted, can also be considered public.
A large number of apps were affected
The research network’s data pool includes apps for both Android and iOS. These obviously provide advertising IDs, location data, and connections to associated apps. The US data dealer in question was until recently called Datastream Group, but the data thief now operates under the name Datasys.
The categories of apps that provide data are quite broad: from games, dating and shopping to news and education. Network politics in analysis“These include some of the most popular apps in the world, some of which have been downloaded millions of times.”
Journalists were able to find “remarkably accurate location data” for some apps. One of these is Weather Online, Germany’s most popular weather app. “In just one day in Germany, thousands of Weather Online users were tracked, some of them with an accuracy of meters. There is also precise location data for users of other popular apps like Focus Online, Classifieds and Flightradar 24,” explains Are. research Group.
This fund also included updates for “Tinder, Grindr and Candy Crush Saga as well as Axel Springer Group, Web.de and GMX.de. Here, however, users were apparently located only on the basis of IP address, i.e. With ambiguity in the mileage area.” Netzpolitik also writes, “Apps can expose vulnerable groups” – this was also made clear in the data leak at Gravy Analytics, as many of the apps there provide location data, for example related to pregnancy. For example, in the United States, because of sometimes very restrictive laws against abortion, this may arouse the desire of the state.
While some apps have provided very accurate data to the data broker, making it possible to create movement profiles, most are not at least that accurate: “In our estimation, the majority of apps in our data set do not have an accurate location assigned to them.” The affected users were located inside *these apps, therefore, not through GPS, but through their public IP addresses.”
Responses to data set
Position data is used by advertisers for more precise targeting. This allows you to display targeted advertising that is more likely to meet the interests of the target user. Secret services also use this data, Netzpolitik reports.
Journalists asked the Bavarian State Data Protection Officer Michael Will for an assessment. In the interview, he described the findings as “serious” and “appalling” and saw them as a “gross breach of trust”. “This goes against everything the average user expects from apps – being able to track where they’ve been for months.” The data broker was not even allowed to keep this data. “This goes beyond the rules of the game that have been agreed upon,” Will told Netzpolitik, by which rules of the game meant, among other things, the GDPR.
The Federal Ministry of Consumer Protection wrote to journalists that the collection of data with which data merchants do business should be stopped, telling Netzpolitik: “We have to stop the app from offering incentives to collect more against personalized advertising. “Effective EU-wide protection is needed.” Data is essential to serve an app.” Accordingly, the Ministry is committed to continuously switch to alternative advertising models.
The research group concludes that the advertising market is free from any control. He sees the EU as having a duty to respond: “The ball is in the EU’s court.”
(DMK)
