Welcome back to Guest Post Tuesday
This is part 2 of a guest post by Hakeem Anwar from Above Phone and Take Back Our Tech about modern phone privacy. Read Part 1 here.
In Part 1, we explored how the operating system is the foundation of your phone’s privacy.
Even with a privacy-respecting OS, you better think twice about the next app you install.
In 2019, researchers across several universities launched an ambitious study.
They tracked 12,000 users with Android phones using 14,599 different apps from the Google Play Store.
Half of the apps had more than 1 million installs.
These were household names, probably installed on your phone at one time.
And they had 11 different domains hidden in them on average.
How did the researchers pull it off?
Users voluntarily installed an app that monitored the connections of the other apps on the phone.
When using an app, you may expect it to connect to one source - the servers of the developer, or different resources for content.
Instead, we found the average app made connections to 11 different domains.
Think about that: every time you open an app, whether it's for checking the weather, reading news, or playing a simple game, your information could potentially be shared with 11 different companies.
The researchers used a classifier to detect which domains were not related to the original developer.
But it also hunted down ATS (Advertising and Tracking System) domains, belonging to analytics companies.
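A simplified sketch of the classification described above, added here as an illustration; it is not the researchers' classifier. The connection log, the `.test` domain names, and the ATS list are constructed, and the two-label domain rule is an assumption standing in for a proper Public Suffix List lookup.

```python
from collections import defaultdict

# Constructed sample: (app package, developer's own domain, host contacted).
# All names use the reserved .test TLD; none are real services.
CONNECTIONS = [
    ("com.example.weather", "weatherco.test", "api.weatherco.test"),
    ("com.example.weather", "weatherco.test", "cdn.weatherco.test"),
    ("com.example.weather", "weatherco.test", "sdk.adnetwork.test"),
    ("com.example.weather", "weatherco.test", "events.metrics.test"),
    ("com.example.weather", "weatherco.test", "tiles.mapvendor.test"),
    ("com.example.game", "gamestudio.test", "play.gamestudio.test"),
    ("com.example.game", "gamestudio.test", "SDK.adnetwork.test."),
]

# Constructed stand-in for an advertising/tracking (ATS) domain list.
ATS_DOMAINS = {"adnetwork.test", "metrics.test"}

def base_domain(host):
    """Normalize a hostname and keep its last two labels.
    Assumption: real tooling would use the Public Suffix List instead."""
    labels = host.strip().rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def classify(host, first_party):
    """Label a contacted host relative to the app developer's own domain."""
    domain = base_domain(host)
    if domain == base_domain(first_party):
        return "first-party"
    if domain in ATS_DOMAINS:
        return "ats"
    return "third-party"

def summarize(connections):
    """Map each app to the distinct domains it contacted, by category."""
    report = defaultdict(lambda: defaultdict(set))
    for app, first_party, host in connections:
        report[app][classify(host, first_party)].add(base_domain(host))
    return report

def average_domains(report):
    """Average number of distinct domains contacted per app."""
    counts = [len(set().union(*cats.values())) for cats in report.values()]
    return sum(counts) / len(counts)

if __name__ == "__main__":
    report = summarize(CONNECTIONS)
    for app, cats in sorted(report.items()):
        for category in ("first-party", "third-party", "ats"):
            print(app, category, sorted(cats.get(category, ())))
    print("average distinct domains per app:", average_domains(report))
```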
From my time developing mobile apps, I’m familiar with these companies. They collect user and usage data from apps for the purposes of advertising, tracking, and analytics.
They can then aggregate, clean up, and sell this data to the highest bidder. It can also be further aggregated and sold as massive datasets, as with Fog Data Science in 2022.
Fog pioneered this space by purchasing data in bulk, with enough information that they could create a profile on each user.
With apps that had geolocation enabled, they were even able to create a historical location log.
Guess who they sold this to?
18 local, state, and federal law enforcement clients, that we know for sure.
The data gathered from apps becomes an easy way to sidestep the constitutional protections of the right to privacy.
If you’re giving away your data, someone is more than happy to sell it.
But how were they able to bring multiple sources of data together so easily?
Before 2019, Android’s security model did not prevent apps from harvesting unique IDs such as the IMEI, IMSI, SIM number, Android Advertising ID, and Phone Number.
These privacy leaks were fixed after 2019 (apps are now limited to the Android ID), but the damage is done.
Why?
Because these analytics providers turned out to be owned by big tech companies.
16 out of the 20 most pervasive ATS domains are owned by Google’s parent company Alphabet, and thousands of analytics companies are owned by 292 parent organizations. Many of them are the biggest names in tech, which track users through other mediums.
We unpack more details from our original tell-all about mobile privacy on #TBOT, but the main point is that Google has control of more than just their operating system.
Big tech companies are everywhere.
And they use all the information they gather to send you the perfect ad for you, cultivated off your experiences across your apps.
Note:
If you use an iPhone, don’t think we forgot about you. A separate study showed on average an iPhone app connected to 3 third party domains, and 47% of iOS apps shared geo-location coordinates and other location data with third parties.
Are there apps that don’t track me?
Dear reader, I’m glad you asked.
The de-googled phone movement wouldn’t have gotten far without apps, and there are several sources to choose from.
F-Droid: This is the most well known catalog of FOSS (Free and Open Source) apps, which are required to publish their source code. Although these apps can sometimes connect to third party domains, they don’t run any proprietary code - which is what every analytics and advertising service offers.
Aurora Store: Although Aurora Store is a front end to the Google Play Store, it comes with the revolutionary feature of being able to see what proprietary libraries are included with the app. You can spot advertising and analytics before you install the app. That’s informed consent!
These apps come standard with the Above Phone, and you also have the ability to tweak your apps’ permissions.
You can change:
What folders your app has access to
What contacts (out of your entire address book) your app has access to
Microphone, camera, phone
You can even cut off apps from the internet!
Again, de-googled phones aren’t just an alternative. They are truly better than big tech.
Going Above
Since 2021, we’ve been committed to making private open-source solutions easy for everyone.
We provide de-googled phones, Linux laptops, and important software services as part of Above Suite.
It’s a whole ecosystem of technology that works well together and respects you.
Here are some of the things you can do:
It just works: cellular, WiFi, Bluetooth, Hotspot, Camera
Download apps from open-source app stores, and privately from official app stores
Control every single permission. Killswitches for your camera and microphone.
Navigate completely offline using downloaded maps & GPS. No internet required.
Run multiple phone numbers on one phone using an internet phone number
Use encrypted communications to chat, video conference, and make calls
Worried it might be hard?
Every phone comes with a free 45 minute support call with one of our support engineers. That’s right, a real person - not a robo voice.
Plus you get free email & chat support, access to videos, guides, and much more.
Use code FIREWALL50 for $50 off your new phone.
Shop here: https://abovephone.com/firewall
About us: https://abovephone.com/about
Want to learn more? Check out our monthly webinars on the phone at: https://abovephone.com/webinar
Thank you so much to Hakeem, I am grateful to have been connected with you!
If you’d like to participate in a future edition of Guest Post Tuesday please comment, send me a DM here or connect with me on Signal @ btfprivacy.87
Until next time…
Welcome to Minority Report.