Hacker News: See the Thousands of Apps Hijacked to Spy on Your Location

Jan 10, 2025

—

Source URL: https://www.404media.co/candy-crush-tinder-myfitnesspal-see-the-thousands-of-apps-hijacked-to-spy-on-your-location/
Source: Hacker News
Title: See the Thousands of Apps Hijacked to Spy on Your Location

Feedly Summary: Comments

AI Summary and Description: Yes

Summary: The article discusses the alarming exploitation of popular mobile apps by rogue advertisers who harvest sensitive location data without user or developer consent. It highlights how this data collection occurs through the advertising ecosystem, particularly real-time bidding (RTB), raising significant privacy concerns.

Detailed Description: The content underscores serious privacy implications stemming from the covert collection of location data by malicious actors within the advertising industry. Key points include:

– **Data Harvesting through Advertising**: Many widely used apps, such as games and dating applications, have been compromised to collect user location data. This data is reportedly funneled to a subsidiary of a location data company with a history of selling such data to law enforcement.

– **Lack of Consent**: The data collection operates largely without the knowledge of users or even the original app developers. This lack of transparency adds a layer of complexity to user privacy concerns.

– **Shift from Code to Advertising Ecosystem**: Traditionally, location data was collected via embedded code in apps, but there’s a notable shift to utilizing the advertising bid stream. This transition allows data brokers to collect sensitive information passively During the bidding process for ad placements.

– **Privacy Nightmare**: Security experts express concerns that this mode of data collection represents a severe privacy breach, as sensitive information is scraped from RTB systems by potentially unscrupulous companies, likened to a “global honey badger” for its reckless approach to data.

– **Potential for Abuse**: The implications of this data collection extend beyond mere privacy concerns, as the information could be mishandled or misused by various actors, posing risks to both individual privacy and broader societal norms regarding data handling.

This narrative is particularly relevant for professionals in the fields of privacy and information security due to its implications on regulatory compliance, the need for stringent data governance, and the protection of consumer information amidst evolving techniques in data acquisition.

4 a abuse acquisition Act ad placement advertising advertising ecosystem Advertising Industry AI Application applications ARM art as breach by C code companies complexity compliance concerns Consent content core D data data acquisition data broker data brokers data collection data governance Data Handling data harvesting de developer developers dual e ecosystem edge end enforcement exp Experts exploit Exploitation for g Gen Go governance hack hacker Hacker News high Highlight HR http HTTPS implications in industry information information security jack k knowledge l large law Law Enforcement led location data low malicious actors media misuse Mobile Mobile App mobile apps my Narrativ news no o of on one ory over pre privacy privacy concerns privacy implications professionals Py R raising RCE real real-time regulatory regulatory compliance Risk risks rogue advertisers s sec security security experts sensitive information SHA Sig SoC source spy SSE system systems T tech techniques the Time time bidding to Tor TP transition transparency up US user user location user privacy Wi x