this post was submitted on 10 Jan 2025
145 points (99.3% liked)

privacy

3101 readers
34 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

founded 2 years ago
MODERATORS
Kokomheart@lemmy.ca
QuentinCallaghan@sopuli.xyz
altair222@beehaw.org
145
Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location (www.wired.com)
submitted 1 day ago by neme@lemm.ee to c/privacy@lemmy.ca
13 comments fedilink hide all child comments
top 13 comments
sorted by: hot top controversial new old
[–] Limonene@lemmy.world 38 points 1 day ago (1 children)

This doesn't look like they hijacked the apps to spy on users' location. It looks to me like these apps were already illegitimately collecting location data and passing it to Gravy Analytics where it was sold to the highest bidder. If I'm interpreting this article correctly, the hackers only hijacked Gravy Analytics so they could get the location data without paying. The location data was already in the malicious hands of Gravy Analytics.

But it seems rather nebulous. Many of the app developers' quoted responses in the article seem to be blatant lies, which the article disproves. Many of the app developers deny handing over location data, but do run ads. If those ads execute arbitrary javascript, then IP geolocation is easy. I don't know how cookies/tracking would work for in-app ads, though.

[–] Scolding7300@lemmy.world 4 points 1 day ago

The developers probably fall into the "incompetence" bucket, and were also ignorant to the full effect of serving ads

[–] Suburbanl3g3nd@lemmings.world 10 points 1 day ago (2 children)

Short of deleting the offending apps and not using them, how can you protect yourself from the data collection of the app?

[–] orbital@infosec.pub 8 points 1 day ago (1 children)

Protective DNS, when set up with a DNS provider that blocks known ad / tracking domains, would help with that. NextDNS, Control-D, and Mullvad all offer this service, for example.

[–] sunzu2@thebrainbin.org 3 points 1 day ago (1 children)

Mullvad VPN is best one stop shop to get started but the process is so much more than getting a VPN.

A lot of ia behavioural though, hygiene

[–] pineapplelover@lemm.ee 2 points 1 day ago* (last edited 1 day ago)

Protonvpn also blocks ads, trackers, malware. With some of my apps needing google play services, I get trackers block constantly on my grapheneos phone.

Edit: I would also mention that I am very selective with my permissions. I don't grant internet unless absolutely required. Sensors and gyro data are very rarely needed for apps unless it's navigation. Location permission only for when app is open, nothing in the background. Microphone and camera permission the same too. Though, for proprietary apps that need mic and cam like social media, expect them to watch your face and listen to you all the time, extracting every muscle twitch and word that comes out your mouth.

[–] Scolding7300@lemmy.world 3 points 1 day ago

What others said and give permissions on a "need to know basis"

[–] hellfire103@lemmy.ca 13 points 1 day ago* (last edited 1 day ago)

There are quite a few apps in there I wasn't expecting. Guess you just can't trust proprietary adware, huh.

[–] boredsquirrel@slrpnk.net 4 points 1 day ago* (last edited 1 day ago) (1 children)

Crazy. These are the apps that bundle location and network scraping libraries. Those libraries not only gather location data (GPS or network based) but also spy on your surrounding wifis, bluetooth beacons and cell towers.

This allows the distributors to build huge databases that allow to locate things without GPS, just cell networks.

This is actually really useful and I encourage people to help improve this. Use NeoStumbler and collect such data. It is all opensource and will be processed to not allow such tracking. But it will allow geolocation privately, for everyone.

Ironically people are already doing this all the time, and not privately at all.

[–] wabasso@lemmy.ca 1 points 1 day ago (1 children)

Is there something like NeoStumbler for iOS?

[–] boredsquirrel@slrpnk.net 1 points 1 day ago

I mean there is no way to use the database on iOS

But no, afaik there is also no Stumbler. Apps need quite some extended privileges to work well, might be restricted

  • record network data
  • record location in background
  • read all available networks

Well... apple itself does this (and btw apples location data is actively scraped. Really poorly protected) but no other app can do it likely

[–] shoulderoforion@fedia.io 2 points 1 day ago (1 children)

paywall fucking bullshit edit: got through it, here's the list of apps : https://docs.google.com/spreadsheets/d/1Ukgd0gIWd9gpV6bOx2pcSHsVO6yIUqbjnlM4ewjO6Cs/edit?gid=1257088277#gid=1257088277

[–] neme@lemm.ee 1 points 14 hours ago

paywall fucking bullshit

If it says "You’ve read your last complimentary article this month.", clearing cookies and other site data should help.