A report by The Washington Post revealed that applications exploit iPhone’s Background App Refresh feature. These apps use the function to send personal data to tracking companies. Technology columnist Geoffrey A. Fowler says that his iPhone has been interacting with various trackers, relaying sensitive data.
With the help of privacy company Disconnect, Fowler had his iPhone tested, leading to the discovery of thousands of trackers. According to the user, the phone transferred more than 1 gigabyte of data in one month.
Fowler found that apps installed on iPhones have been transferring user info. This is despite Apple products having the reputation of being highly secured. These applications include Spotify, Nike and Microsoft OneDrive.
The device was in touch with more than 5,400 trackers in just a week.
Fowler remarks that in one night, the device contacted 12 research organizations, marketing firms and other data gathering entities. One of the firms the device contacted is Amplitude, which obtained the user’s mobile number, email address and exact location. Firms such as Appboy and Demdex acquired the phone’s digital fingerprint and embedded identification methods, respectively.
Meanwhile, review company Yelp received messages including the user’s IP address. This occurred continuously with the startling frequency of one message every five minutes. Crime monitoring app Citizen shared personal data which violates its own privacy policy. As of this writing, Citizen removed its trackers.
The purpose of trackers
The Next Web notes that third-party apps utilize trackers to gather information for their analytics. This means that trackers are not ‘inherently bad’. This is because some companies use such practices for performance improvement and assessing usage patterns. However, it noted that the rate of the occurrence is a cause of concern. Moreover, the type of information tracked makes the practice concerning.
In some cases, these trackers alert companies each time you open the app in question. However, the case of DoorDash shows that there are firms that gather inappropriate data, says Fowler. This includes device name, model, memory size, address, name, network carrier, ad identifier and even accelerometer info. The report says that DoorDash utilizes 9 different trackers for data gathering.
Disconnect says that users can take measures to prevent such transfer of info. Moreover, Apple can incorporate features for security. Fowler clarified that this kind of privacy breach is not exclusive to Apple products. Android systems are also vulnerable to these data mining practices.
