How 12,000 Apps Exposed Your Personal Data

Over 12,000 apps on your device, including popular ones like Candy Crush and Tinder, have been part of a massive data breach exposing personal information such as location data. Gravy Analytics was hacked, compromising billions of data points. Use services like Delete Me and modify device settings to safeguard your privacy.

What You’ll Learn

  • How 12,000 popular apps compromised your data.
  • Steps to safeguard your privacy on Android and iOS.
  • Insight into the operations of data brokers like Gravy Analytics.
  • Actionable advice on disabling advertising IDs.
  • Learn about the real-time bidding scenario in online ads.
  • Why you should delete your personal data from broker websites.

What happened with the 12,000 apps?

In a shocking turn of events, over 12,000 apps have put your personal information on the line, revealing sensitive data like your location. From household names like Candy Crush and Tinder to apps for tracking fitness and periods, the breach encompasses popular apps on both iOS and Android platforms. This enormous data leakage stems from a breach at Gravy Analytics, a data broker that’s become a newfound source of major concern.

Gravy Analytics found itself in the crosshairs when a hacker claimed to have pilfered 10 terabytes of data comprising billions of location points. To demonstrate the scope of the breach, the hacker released a sample containing 1.4 GB of data with over 30 million location points – a staggering amount for a “little sample”. If picturing data points scattered across a map doesn’t quite drive the point home, imagine a caretaker inadvertently leaving entire volumes from a library of secrets scattered out in the open.

How was your information exposed?

You might wonder how your digital traces ended up in the wrong hands. Were these apps actually spying on you? Here’s how it unfolds. Advertising within apps includes a component called real-time bidding, essentially an auction for ad space among competing companies. These competitions involve sharing your device’s information — its make, model, IP address, and even your precise location if you’ve consented within the app. Companies use this data primarily to tailor their ads to your locality – ads for Dallas show up in Dallas, and Vegas promos pop up as soon as you touch down in Sin City.

Here’s the kicker: even companies that lose the ad auction still walk away with your personal details. Data brokers thrive on this pool of information, except they combine it with their existing data to piece together a near-complete picture of who you are and where you’ve been. As you can see, this transforms a seemingly innocent app collection into a clandestine network tracking your every move.

How can you protect your personal information?

Facing this kind of intrusion can be daunting but rest assured, there are actionable steps you can take. First, be proactive about deleting your private information from data broker websites. This is where services like Delete Me can become an invaluable ally. Delete Me scours the web on your behalf, tackling over 750 data broker sites to erase your information, continuously lighting the path of privacy. They don’t just stop there; they get back in the trenches if necessary, also offering regular progress reports about their ongoing work.

Beyond that, you have the power to cut off data collection at its source by altering your phone’s advertising ID. On Android, navigate to settings, head to security and privacy, and then privacy controls, where you can choose to delete or reset your advertising ID. For iOS users, dive into settings, select privacy and security, and disable the option to allow apps to request tracking while also turning off personalized ads under Apple advertising.

What are advertising IDs, and why disable them?

Advertising IDs are tracking codes linked to your device, allowing companies to monitor your interactions across various apps. While they enable advertising communications tailored to your preferences, they inadvertently open the door for tracking your location to a similar degree. By disabling these IDs, you shut down a channel of unwanted surveillance.

Implementing these measures on your phone foils data brokers’ attempts to amass robust profiles of your habits. Consider it the digital equivalent of shredding sensitive documents: what they can’t collect, they can’t misuse.

So in summary

The exposure of personal data through 12,000 apps underscores an alarming vulnerability in the current landscape of mobile technology. However, you are not powerless. By harnessing services like Delete Me and managing advertising IDs on your devices, you can reclaim privacy and safeguard personal information.

As this landscape evolves, staying informed and vigilant remains your best strategy. Make technology work for you, not against you.

Checklist

  • Verify app permissions and ensure they align with their function.
  • Disable advertising IDs on your Android and iOS devices promptly.
  • Engage a service like Delete Me to erase data from broker websites.
  • Regularly check privacy settings after app updates.
  • Ask “How can I protect my mobile privacy?”

Frequently Asked Questions

How were apps like Candy Crush and Tinder involved in the breach?

Apps like Candy Crush and Tinder, widely popular on iOS and Android, were part of a vast array numbering over 12,000 whose data was accessible through Gravy Analytics. This breach involved both known apps and lesser-known ones, pointing to systemic vulnerabilities in how apps handle personal data.

What is real-time bidding, and how does it affect my data privacy?

Real-time bidding is an ad placement auction process. Companies essentially vie for advertising space and gain access to device information through this process. Even unsuccessful bidders can access and misuse this data, impacting your privacy by accumulating detailed tracking information.

Why should I be concerned about my phone’s advertising ID?

Your phone’s advertising ID can track your movements and behaviors across apps. Disabling it is crucial because it limits invasive profiling by companies. This unique identifier streamlines data collection across platforms, necessitating your proactive measures to protect your privacy.

What role does Delete Me play in protecting my privacy?

Delete Me acts as an ally in scrubbing your personal data from over 750 data broker websites. By effectively acting as an agent on your behalf, Delete Me ensures your information is not only removed but kept off these sites, enabling consistent privacy protection and peace of mind.

Why are popular apps often involved in data breaches?

Popular apps often face data breaches due to the sheer volume of users they attract, coupled with complex data handling processes like real-time bidding which inevitably share user information. The larger the app’s reach, the higher the chances of it being targeted or inadvertently exposing data.



Related reading

Liron Segev - TheTechieGuy

Liron Segev is an award-winning tech blogger, YouTube strategist, and Podcaster. He helps brands tell their stories in an engaging way that non-techies can relate to. He also drinks way too much coffee! @Liron_Segev on Twitter