Just a few years ago, information technology security experts and nontechies alike pooh-poohed the threat of tech companies acquiring data about you from your smartphone. As technology has progressed, however, more and more folks are becoming concerned about what type of data is being gathered and how it is being used. What should folks do to protect themselves?
Concerns were elevated in January with reports that Gravy Analytics had been compromised by Russian hackers. Contrary to its name, Gravy Analytics is not a vendor for Zippy’s or Rainbow Drive-In. Rather, Gravy is a company that collects and sells location data that is harvested from people’s smartphones.
In fact, in late 2024, Gravy (and its subsidiary, Venntel) were accused by the Federal Trade Commission of illegally collecting and selling location data without the knowledge and consent of phone users. The FTC claims that people Gravy tracked had visited sensitive locations such as government buildings, health care providers and places of worship.
Gravy is not unique in possessing this type of data. The collection of this data actually comes through advertising methods — primarily targeted ads — that grab your location from literally thousands of apps.
The exact details of how the data is collected is far too detailed for this space. App developers aren’t even involved. But the affected apps span the spectrum of utility, including extremely popular apps such as Candy Crush and Tinder; Yahoo’s email client, Microsoft’s 365; and a wide range of others such as pregnancy tracking, religious apps and, ironically, VPNs. There is no platform discrimination; both Android and iOS users are affected.
So what can you do? Turning off location services would prevent you from being tracked but also disables some obviously desirable functions. Instead, the National Security Agency recommends limiting apps to as few permissions as possible, setting privacy settings to ensure apps are not using or sharing location data, and the kicker, “(a)void using apps related to location if possible. Location privacy/permission settings for such apps should be set to either not allow location data usage or, at most, allow location data usage only while using the app.”
NSA goes on to say, “Disable advertising permissions to the greatest extent possible: Set privacy settings to limit ad tracking. … Reset the advertising ID for the device on a regular basis. At a minimum, this should be on a weekly basis.”
The settings to follow the NSA recommendations can be found here (note that for older phones, the instructions might not be exact):
>> Android phones: Go to “Settings,” then “Privacy,” then “Ads” and, finally, ”Delete advertising ID.”
>> iOS phones: Go to “Settings,” “Privacy & Security,” “Tracking” and “Allow Apps to Request to Track.”
Is this paranoia? Are they really out to get you? Do you really need anyone knowing what doctor you go to? And how often? Or what church you go to, or where you grab a drink?
Just a little bit of care and these worries can be mitigated.
John Agsalud is an information technology expert with more than 25 years of IT experience in Hawaii and around the world. He can be reached at jagsalud@live.com.
