What Type of Data Do Our Devices Gather and Send to Companies?

Here’s How Companies Steal Your Data



Data gathering and data stealing are common practices online. Companies are eager to drain every last piece of information from their customers for insight. And if they fail to store it securely, hackers will find a way to get their hands on it.

When is the last time you read a privacy policy?

It’s never a good idea to click “Agree” on something without reading through it first.

From beginning to end. Word for word.

Chances are, if you’re like most people, the answer to that question is never.

Unfortunately, you might be horrified to discover that some of your most trusted devices are gathering a slew of personal data and trends about your life, compiling them, and selling them off to the biggest advertising agencies.

Data abuse occurs when that data is taken and used for unethical purposes. And the problem is that these companies gathering your data are sitting ducks for skyrocketing cyber crime.

If hackers were to gain access to these caches of gathered data, they would have all the information they need to coordinate attacks on everyday citizens.

That’s a frightening thought. But it’s not the only issue at play here.

What about abuse from the companies themselves, and government agencies like law enforcement?

Sound crazy? It’s not. Because it’s already happened many times, and will only continue to happen. Here’s why.

What these Four Harmful Data Abuse Examples Can Teach You About Privacy Policies

Buckle up, because we’re about to get into some dark territory here.

Companies and governmental institutions have used their gathered data for some ethically-gray deeds throughout the years.

They say that absolute power corrupts absolutely. That’s why it’s important to know who has your data and what they do with it.

Take the following four examples.

Uber

In 2014, this multi-billion dollar company misused a powerful application to track the movements of one specific person.

Uber has a tracking system that they call “God View.”

Its purpose is to identify the location of any of their drivers or customers while they are logged into the service in the event of an emergency.

The way they define “emergency” is the issue.

On the surface, it sounds like a positive feature meant to improve overall safety. But if you know anything about Uber, you know driver and passenger safety isn’t exactly their greatest concern.

An Uber employee committed an action that was in strict violation of the company’s privacy policy by activating God View to track the location of a journalist who was running late for an interview with one of the company’s executives.

That’s a gross misuse of data and made a lot of Uber drivers and customers extremely nervous. If Uber can just use its app to LoJack you at will, what’s to stop them from using it, as they did here, for the silliest of reasons?

That’s not the only instance of Uber dealing in some dirty deeds, though.

They’ve also used similar features to help deceive authorities around the world.

Another concern is that their iOS app had secret permissions built into it that allowed the service to copy your phone screen. This could happen even if their app was only running in the background. Uber’s defense was that this was done to improve functionality with the Apple Watch.

Riiiiiiiiiiiight.

This came through what’s known as an “entitlement,” which is code that app developers can use to interact with Apple’s systems. Where this really gets dodgy is, if the user also had Uber’s chief competitor, Lyft, installed on their phone, Uber could screencap their interactions with Lyft and spy on this activity.

Minnesota and Chicago Police Departments

The police have a lot of information on us.

We’re taught from a young age to trust that public institutions always have our best interests in mind.

However, there are just too many examples of the opposite.

Take one case in 2016, when state auditors discovered that officers across Minnesota were abusing their ability to access personal data stored in the state’s driver’s license database.

They were looking up the personal information of their friends, family members, and girlfriends without any relevance to an ongoing investigation.

How big was this issue?

Apparently questionable unauthorized searches were conducted by more than half of the officers in the state. That’s horrifying to imagine.

This situation was also noted in Chicago during the same year. Officers across the state were illegally accessing confidential database information to spy on people that they were personally close to.

In this case, there were issues related to identity theft, harassment, and even personal stalking.

AT&T

AT&T is the poster child for privacy problems.

In 2015, it cost them big money.

AT&T was fined $25 million by the FCC following an investigation that showed employees at their international call centers disclosing the personal information of more than 280,000 customers illegally.

Names and social security numbers of these customers were also sold to third-party actors who used that information to illegally unlock cell phones.

Morgan Stanley

A Morgan Stanley account manager was found to have downloaded the account information of 350,000 wealth management clients.

More than 900 of those accounts were later discovered featured on Pastebin, an anonymous site that shares text information.

Stories like this seem crazy on the surface. But the sheer number of them suggests something much deeper. And much darker.

It means most (if not all) companies gamble with your personal data.

Their laissez-faire attitude will allow hackers to snatch it. Or their personal greed means they’ll exploit everything they can out of it — all at your expense.

Unsurprisingly, these aren’t even the worst examples.

No. Those are reserved for new IoT devices invading your home. The very same ones that feature zero encryption to safeguard your data.

Here’s how that shapes up.

What Happens to IoT Data?

The Internet of Things tech trend promises to make our lives easier. By connecting many of our everyday devices to the internet, we live a more “connected” life that tells us exactly what we want, when we want it.

But, in doing so, we’re giving up even more information to these big companies than ever before.

All internet connected devices communicate back to their home base. Now, that expands to include smart cars, smart refrigerators, smart thermostats, smart doorbells, and smart scales.

It’s shocking that so many ‘smart’ devices are so dumb in reality.

All of these devices are gathering information and sending it back to their central application. Whether you’re dealing with real-time transmissions or batch data, all of the gathered information is analyzed to identify trends over time.

If you’re raging right now, wondering who gave IoT devices the authority to do such things, you should know that permission comes from you. All of this is outlined (not always clearly) in a company’s privacy policy.

That’s why it’s never a good idea to click “Agree” on something without reading through it first. Here’s why.

Smartphones

Smartphones are constantly collecting your data.

Some iOS apps were recently found to be sharing very personal user data with Facebook.

And unlike your smart television, it’s usually on your person at all times.

Think about the data our smartphones gather:

  • We enter our financial info
  • It logs our GPS locations
  • Counts our steps
  • Logs our food with some apps
  • Applies geotags to our photos
  • And lots, lots more

Smartphones are hubs for our most sensitive data, and the troubling thing is that they’re left unsecured.

Many of the apps we download use this data to improve and customize their experience. In the name of advancement, the companies keep said data. Remember that when it comes to privacy policies, you don’t need to only read the policy of your iPhone or Android device, you need to comb through the terms outlined by every app you download.

Are they accessing your camera? Your microphone? Your contacts? No app can just bully their way into these authorizations.

Take Google for example.

Their Privacy Policy states that once you sign into Android with a Google account, that device is now linked to your Google information.

As such, you give Google the ability to log your location, what kind of device you’re using, and the length and type of your phone calls.

Sometimes, companies try to sneak in data collection efforts without consent, and that is when this process gets truly frightening.

OnePlus, a China-based phone manufacturer, was recently caught red-handed collecting data on their users with no agreement and then saving that information on their company servers. OnePlus claimed that it was trying to improve the user experience, but they have been forced to back off on data collection since then.

Google

Google’s incognito tabs are not so anonymous.

And you thought logging the length of your calls and tracking your location was the worst offense from Big G.

But when you look at the full scope of what Google tracks, you start to wonder if you have any internet privacy at all.

(Hint: You don’t.)

Just some of the information regularly logged by Google includes:

  • What you are searching for.
  • What sites you’re visiting, where you go on those sites, and how long you stay there.
  • What videos you’re watching. (Yes, even those. You know which videos that includes.)
  • What advertisements you click on.
  • Your geographic location.
  • What device you’re using.
  • Any IP or cookie data that has been collected on you through the sites that you visit.

Google also stores a lot of information on:

  • Your emails.
  • Your contacts.
  • Calendar events.
  • Photos and videos that you upload onto the device.
  • Your Google Docs, Sheets, and Slides.
  • Your birthday.
  • Your gender.
  • Your phone number.
  • Your address.

All of this can thankfully be controlled in Google’s privacy settings, which can be accessed through the “My Account” section.

Once here you can see what is being collected.

A lot of people point to Google’s incognito tabs through the Chrome browser as a way to get around this threat.

Unfortunately, it’s not so anonymous.

Incognito mode only hides your history from the device that you’re currently using. It does not hide any activity from your employer, your internet service provider, or the sites you visit. It also does not protect against any government spying.

(You’d need something stronger to protect against all that oversight.)

Apple

This is our ‘thank you’ apple.

We can all thank Apple for IoT technology.

The iPhone was the first smartphone to hit the market, and it’s still what most people think of when they imagine the connected world.

Apple is a fairly safe company when it comes to information gathering, and the entire experience is incredibly customizable.

First of all, Apple anonymizes all of its data. They keep data on the phone to help improve your experience, but that information is never transferred back to Apple.

While Apple’s system can track your location, that is another piece of information that is kept on the phone instead of some Palo Alto-based servers. So the phone knows where you are, but Apple as a company has no idea.

Something that can make some people nervous, though, is Apple’s face recognition software.

It memorizes everything about your face to identify you.

Thankfully, the information is stored on the phone and not on Apple’s servers or iCloud. A refreshing security provision, as facial recognition is not a service you want falling into the wrong hands.

Another privacy threat comes courtesy of apps like Snapchat or Facebook Messenger, which feature augmented-reality effects overlaid on a user’s face. Apple demands that all of these apps present users with a privacy policy.

It’s important to remember that while Apple doesn’t gather a lot of data on you, the applications that you download onto the system might.

SO PLEASE READ IT OK THANX U.

The privacy section of Apple’s site allows you to see every bit of data that the company has on you. In fact, they allow you to request a data download which compiles all of their gathered intel and delivers it to your inbox.

When you look at the information gathered, you’ll notice that it is far less than services like Google and Facebook.

A study conducted by USA Today showed some telling results. Apple’s gathered intel came out to about 9 MB worth of data. Google, on the other hand, had compiled 243 MB. Facebook gathered even more at 881 MB.

C’mon Zuck, lock it up.

It apparently took USA Today a total of eight days to receive information from Apple.

That’s because Apple verified their identity with their name, address, phone number, and the serial number of their phone. Google compiled the data within hours, and Facebook within minutes. They took none of the security measures that Apple used.

Apple’s data download was very telling. The only information they had was:

  • The timestamps of data backups
  • The timestamps of photos uploaded to iCloud
  • Stored email accounts and address
  • A copy of every app and song they had ever downloaded
  • No records of any Siri questions.

That last part is important.

Google Assistant and Alexa, two other popular personal assistant bots, record a lot of information and store it on Google and Amazon’s websites.

Both of these services allow you to speak to them, and the bots respond to your voice commands. They also record these exchanges, and keep them. This includes information on your commute, your finances, and more. It’s important to constantly go through and erase personal data lest it fall into the wrong hands.

But Siri, Apple’s personal assistant, keeps no logs or recordings of the questions that you ask it. In fact, Siri uses a random identifier to mask your identity. Apple knows that a question was asked, and they can see the question, but they have no idea who actually asked it.

Alexa

Alexa may be listening to more than you know. And it all gets stored.

Ok, so…

Alexa sometimes records personal conversations that are not meant for its electronic ears.

Those conversations are then stored within Amazon’s system.

It gets worse.

Amazon employs teams of people to listen in on your private affairs to help with Alexa’s voice review process. According to recent reports, staff even use internal chat rooms to share amusing or unsettling recordings.

I’m sure there are plenty of conversations you have within the privacy of your house that you would rather not be shared with Amazon employees. And what about the rest of the world? That’s exactly what could happen if someone managed to hack their way into your Amazon account and gained access to your Alexa recordings.

It’s not just personal conversations that are a threat, either. A lot of what you say to Alexa includes your financial information, your daily commute, and other identifying data that you don’t want malicious peeps getting their hands on.

So, how do you stop this from happening? There are a few ways.

The first and easiest is to change Alexa’s “Wake Word.” This is the phrase that Alexa is programmed to respond to. When you say the wake word, the system activates and starts recording, because it thinks you want to use the service.

Here’s how that commonly backfires when it’s set to the default “Alexa” instead of something more secure:

I got directions from Alexa to get to my doctor’s office.

*Recording Begins*

Once I was there, he discovered this really weird rash.

Annnnnnd scene.

You can see how that becomes problematic in a hurry.

(It’s just eczema, I promise.)

Whereas, if you simply made the wake word something a little more specific, your odds of accidentally outing the symptoms from your weird Tinder date last weekend to the world would drop.

Another way to keep your private information private is to constantly delete recordings.

True, that will negatively impact the performance of Alexa. She references those recordings to learn more about your preferences, and tailors her responses accordingly.

The best approach is to manually delete each sensitive line item.

But we both know that’s not going to happen.

So just delete it monthly or change the wake word. Or both.

Applications

Granting an app permission to access your photos does a lot more than you might think.

Couples would starve to death without apps. It’s true.

Without them, both parties would sit there, taking turns saying, “I don’t care, what do YOU want to eat?”

And then poof: both die of starvation.

Because it is easier to starve to death than mutually decide on what to eat with your significant other. Fact.

Let’s not even talk about taking a bath without Netflix (away from the water), or commuting on the train without a mindless game in front of your zombie-esque face (I will crush ALL of the candy before the next stop!).

We always think about devices gathering our intel and making off with them. But we never think about the apps we use. And they are some of the worst offenders.

Recently, I spoke with Chris Weatherhead, a Technology Lead at Privacy International. An expert on data exploitation, he explains how pervasive corporate tracking via apps can be:

Our biggest concern at the moment is third party tracking on apps. It is virtually impossible to understand who is harvesting your data and why. Looking into the Android ecosystem, we see a dominance of the big players with a long tail of countless tracking companies that most people will have never even heard of. Nearly 90% of free apps on the Google Play store share data with Google’s parent company Alphabet. Meanwhile, Facebook have code capable of tracking you in over 40% of free Android apps, and a similar number of iOS apps. This means even if you avoid the Facebook platform, you are still likely being tracked by Facebook through unaffiliated apps.
Disclaimer: Privacy International does not endorse any company or product by contributing this quote.

Every app is different when it comes to data collection. Those differences are outlined in their privacy policies. You have to grant apps permission to access your data. The drawback to this is that often, if you don’t grant those permissions, you won’t be able to use some of the app’s services or, in some cases, use the app at all.

Android devices have a section for apps and notifications in their settings menu. From there you can decide which permissions go with which apps. If you don’t want a service accessing your camera or contacts, you can manage that in this menu.

To get the inside scoop on the specifics of the data tracked by each app, you need to consult the app’s page in the app store and comb through their terms of use and policies. You can’t access that from the Android menu.

One important fact to remember is that granting an app permission to access your photos does a lot more than you might think. While that seems innocent on the surface, every photo has a geotag associated with it, and access to photos means access to those tags.

This means that those apps can tell where you’ve been when taking photos. If that’s not something you’re comfortable with, you shouldn’t allow those applications to sift through your photo albums.
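
To make the geotag point concrete, here is an added example (not code from this article or from any app vendor) that reads the GPS coordinates a camera stores in a JPEG's Exif header, then strips that header so the photo can be shared without them. The sample image is constructed inline and the function names are illustrative.

```python
import struct

EXIF = b"Exif\x00\x00"

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield jpeg[pos + 1], pos, end
        pos = end

def ifd(tiff, off, bo):
    """Parse one TIFF directory into {tag: raw 4-byte value-or-offset field}."""
    (n,) = struct.unpack(bo + "H", tiff[off:off + 2])
    return {struct.unpack(bo + "H", tiff[e:e + 2])[0]: tiff[e + 8:e + 12]
            for e in range(off + 2, off + 2 + 12 * n, 12)}

def degrees(tiff, field, ref, bo):
    """Convert three RATIONALs (deg, min, sec) plus N/S/E/W ref to signed degrees."""
    (off,) = struct.unpack(bo + "I", field)
    v = struct.unpack(bo + "6I", tiff[off:off + 24])
    deg = v[0] / v[1] + v[2] / v[3] / 60 + v[4] / v[5] / 3600
    return round(-deg if ref[:1] in (b"S", b"W") else deg, 6)

def read_geotag(jpeg):
    """Return (lat, lon) from the Exif GPS directory, or None if absent."""
    for marker, start, end in segments(jpeg):
        body = jpeg[start + 4:end]
        if marker != 0xE1 or not body.startswith(EXIF):
            continue
        tiff = body[6:]
        bo = "<" if tiff[:2] == b"II" else ">"
        # Tag 0x8825 in the first directory points at the GPS directory.
        ptr = ifd(tiff, struct.unpack(bo + "I", tiff[4:8])[0], bo).get(0x8825)
        gps = ifd(tiff, struct.unpack(bo + "I", ptr)[0], bo) if ptr is not None else {}
        if not {1, 2, 3, 4} <= set(gps):
            return None
        return degrees(tiff, gps[2], gps[1], bo), degrees(tiff, gps[4], gps[3], bo)
    return None

def strip_exif(jpeg):
    """Return the JPEG with every Exif APP1 segment (geotag included) removed."""
    out, last = bytearray(), 0
    for marker, start, end in segments(jpeg):
        if marker == 0xE1 and jpeg[start + 4:end].startswith(EXIF):
            out += jpeg[last:start]
            last = end
    return bytes(out) + jpeg[last:]

def make_sample():
    # Constructed input: header-only JPEG tagged 48d51m30s N, 2d17m40s E.
    t = struct.pack("<2sHI", b"II", 42, 8)                        # TIFF header
    t += struct.pack("<HHHIIIH", 1, 0x8825, 4, 1, 26, 0, 4)       # IFD0, GPS count
    t += struct.pack("<HHI4s", 1, 2, 2, b"N") + struct.pack("<HHII", 2, 5, 3, 80)
    t += struct.pack("<HHI4s", 3, 2, 2, b"E") + struct.pack("<HHII", 4, 5, 3, 104)
    t += struct.pack("<13I", 0, 48, 1, 51, 1, 30, 1, 2, 1, 17, 1, 40, 1)
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(t) + 8) + EXIF + t + b"\xff\xd9"
```

Calling `read_geotag(make_sample())` returns the coordinates any app with photo access could read, and `read_geotag(strip_exif(make_sample()))` returns `None`.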

Mobile web browsers keep your search history, location, and device information stored. When you’re using a browsing app you also have to remember that the sites that you visit may also be gathering data on you through the use of cookies.

In Conclusion

The hard-earned cash you’re forking over isn’t the most expensive part of your devices or apps.

Instead, it’s you, personally.

Your financial information. Your location. Your habits, activities, and preferences.

Most (if not all) devices and apps you use on a regular basis are hoarding this data and selling it off.

Burying the harsh reality down deep in that privacy policy that never gets opened.

The only way to combat this is to do your homework and understand their game.

That way, you can make a more educated and informed decision as to how much personal information you’re willing to give up to take corny photos with a cat mask.
