Another Assault on Privacy: Phone Settings You Should Verify Now
Android and iPhone devices automatically generate unique identifiers in the form of character strings known as mobile advertising IDs (MAID). These MAIDs are used to track the activities of device users and build individual profiles on them. Companies use the profile data to send targeted ads to the devices.
Tech companies have routinely claimed that these profiles are anonymous and that, although they identify devices by their MAIDs, they do not include the personal identities of device users. But a July 2021 article published by Vice.com has revealed that MAIDs are being used by unscrupulous data brokers in conjunction with other data sources to match devices to their users’ personally identifiable information (PII). This PII data could include full names, addresses, phone numbers, email addresses, device IP information, and more. User profiles combining tracked activities with sensitive PII information are then being sold by these brokerage companies, compromising device users’ privacy and subjecting them to significant risk.
Both iPhone and Android devices now have settings that can be easily changed to prevent the tracking of your activities using MAIDs.
The phone issue in detail
In a statement provided to Vice.com’s Motherboard affiliate during the course of its investigation, Oregon Senator Ron Wyden said that, “If shady data brokers are selling this information, it makes a mockery of advertisers’ claims that the truckloads of data about Americans that they collect and sell is anonymous.” Wyden went on to express concern that making the PII data available to foreign entities and governments could pose a risk to national security. Having this much PII information combined with tracking data also makes individuals more vulnerable to impersonation scams, identity theft, spear phishing, home title theft, and other cyber attack variants.
As part of the investigation, a Motherboard representative contacted one of these data brokers and posed as a potential customer. Per the Vice article, the brokerage’s CEO advised that the company did, in fact, link PII data to tracking information collected using MAIDs and that, in addition to name, address, email, IP information, and phone numbers, other data categories that could be included in profiles were “too numerous to list.” For more specific information about this data brokerage firm and its quoted representative, see vice.com/en/article/epnmvz/industry-unmasks-at-scale-maid-to-pii.
When explaining the scope of the issue, a researcher interviewed for the Vice article said that the PII of anyone running phone apps with ads could be collected and sold by unscrupulous entities. The researcher, Zach Edwards, also said that the risk level for members of the military, law enforcement personnel, and government officials is particularly high given the potential that they will be targeted by foreign entities.
Motherboard investigators asked Apple and Google whether they had policies relating to data brokers using MAIDs to create profiles that unmask the identities of their device users. Per the Vice article, both organizations acknowledged receiving the request for comment, but neither provided answers.
Phone settings that disable data sharing using MAIDs
While they didn’t answer Motherboard’s question, both Apple and Google have built functionality into their phones that allow users to disable this particular type of data sharing.
Apple’s App Tracking Transparency (ATT) option allows users to opt out of receiving targeted ads. Open Settings on your iPhone, select Privacy, then scroll down and tap Apple Advertising. Move the toggle switch to the left. If you’d like to see what information your phone has already collected about you, tap View Ad Targeting Information.
In April of 2021, three months prior to the publication of the Vice.com article, Apple’s iOS update to version 14.5 significantly changed how iPhone apps can collect and share data going forward. If you’ve installed that update, your apps should already be prompting you for permission to share tracking data.
Per the Vice article, Google announced that, early in 2022, they plan to roll out functionality similar to the opt-in requirement included in Apple’s 14.5 iOS update. In the meantime, Android users can open Settings, scroll down and tap Google, then select the Ads option. Move the toggle switch to the right to Opt out of Ads Personalization. Once you’ve enabled this setting, apps attempting to share out your MAID will be provided with a string of zeroes, instead.
Data collected from phones, tablets, and PCs is being packaged and sold as a commodity by people search sites and other data brokers. The very nature of some PII data, like real property records, requires that it be publicly accessible, thus allowing it to be scanned and matched with other data sources to build extensive profiles on you, your family, your neighbors, and anyone else who accesses the Internet.
This explosion in data mining and brokerage has resulted in a dramatic increase in cyber attacks and also in the development of privacy-related applications like personal virtual private networks, anonymizing domain name services, encrypted email and messaging apps, and private browsing options. And now, perhaps a bit later than they should have, Google and Apple have decided it would be best to protect their customers by giving them the option to block the sharing of their data.
If you are concerned about your privacy and would like to make sure your phone isn’t sharing information that is being used by unscrupulous data brokers, it only takes a minute to follow the instructions in this article and verify that your privacy settings are enabled.
If you’re in Fort Collins, Loveland, Greeley, Denver, Boulder, or surrounding area and don’t have an IT Service Provider or are looking for managed IT support, cyber security, IT services, or IT coverage, contact Pro-IS for a free consultation (970) 613-0980.