Home Hugely popular apps involved in location data controversy

Hugely popular apps involved in location data controversy

A massive data harvest controversy has been uncovered, with the unwitting involvement of some of the biggest mobile apps in the world. 

Due to the actions of some working within the advertising industry, sensitive location data is being gathered on a huge scale and passed on to a company whose subsidiary entity previously sold data to U.S. law enforcement agencies. 

As detailed extensively by Wired, global location data from thousands of apps was found in hacked files belonging to Gravy Analytics. 

Beyond the scale of the issue and the vast quantity of data involved, the collection included various well-known and popular titles such as the enduring Candy Crush and Tinder. Other obscure apps were involved, as were those dedicated to religious prayers and even pregnancy tracking. 

A particular problem for the developers of the headline titles is the data has been amassed through the wider online advertising ecosystem and not through channels or code established directly by the app creators.  

Most of it has taken place without any consent or knowledge on the part of the apps’ users or developers.

After reviewing a sample of the data involved, a professional at cybersecurity firm Silent Push gave 404 Media his understanding of the incident.

“For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising ‘bid stream,’ rather than code embedded into the apps themselves,” said senior threat analyst, Zach Edwards.

Users impacted across the States, Europe, and Russia

Previously, location data collectors paid app developers to insert code to gather relevant location data on users but this incident shows more evidence that entities are gravitating toward the machinery of advertising to get what they are after. 

With ads embedded in apps, leakage means the brokers can harvest the data and information on the location of users’ mobile devices.

The hacked Gravy Analytics data showed user coordinates right across the United States, Europe, and Russia. 

Beyond Candy Crush and Tinder, there were further established app names such as Temple Run and Harry Potter games embroiled in the harvest. Transport app Moovit was found, as were the popular fitness app, MyFitnessPal, Flightradar24, social app Tumblr, and Microsoft’s Office 365. 

Ironically, several VPN providers (used to hide locations and enhance privacy) were also located in the data tranche.

Image credit: Via Midjourney

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech, gambling and blockchain industries for major developments, new product and brand launches, AI breakthroughs, game releases and other newsworthy events. Editors assign relevant stories to in-house staff writers with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Graeme Hanna
Tech Journalist

Graeme Hanna is a full-time, freelance writer with significant experience in online news as well as content writing. Since January 2021, he has contributed as a football and news writer for several mainstream UK titles including The Glasgow Times, Rangers Review, Manchester Evening News, MyLondon, Give Me Sport, and the Belfast News Letter. Graeme has worked across several briefs including news and feature writing in addition to other significant work experience in professional services. Now a contributing news writer at ReadWrite.com, he is involved with pitching relevant content for publication as well as writing engaging tech news stories.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.