According to a 2018 study by MightySignal, there are more than 1,000 different mobile apps available that contain some sort of location-sharing and tracking code. These codes are typically used to gather information on the public’s shopping patterns to help developers make money on targeted ads. Unfortunately, this isn’t the only kind of data some of them are gathering. In this blog, we break down eight different places your data is living that may surprise you.
Dating Sites/Apps
We all want to find love, and today with a plethora of dating apps available, it’s never been easier. However, you may be telling potential partners and app developers more than what’s in your dating profile. Apps such as Tinder and Hinge request and require access to your location in order to find potential matches in your general area.
While filling out your likes and dislikes, your location, and what you do for work may be normal things to share with your dates, putting them on your public profile for all potential suitors to see can potentially cause more harm than good. Not to mention, a large chunk of dating apps ranging from Tinder and Plenty of Fish to Hinge and OKCupid are owned by one single company: Match Group. Match Group’s numerous apps reserve the right to share data with one another, even if you’re only using one of their apps.
Photo Editing Apps
Whether it’s adding bunny ears, erasing a blemish, or making your selfie look like it was taken on a vintage Polaroid, everyone loves a good photo filter. However, most photo filter apps require, or at the very least request, access to your entire camera roll rather than the one photo you want to edit. (Remember the saying, “a picture tells a thousand words?” Imagine what kind of personal information your entire camera roll can share!) In addition, many photo editing apps also link to social media apps, not only making way for a seamless snap, edit, and post, but securing a direct access link to all your social media profiles for potential hackers.
Weather Apps
Rain or shine, there’s always a small risk your data could be leaked. While you’re not at a moderate or high risk of your data being stolen from your favorite weather app, your location and location history is still being tracked and can be collected from other apps if they are linked together.
Social Media Accounts
Since the early 2000s, the popularity of social media profiles has grown exponentially, with the most popular ones being Facebook, Twitter, Instagram, and Snapchat. It’s now commonplace in our society for social media users to document their entire lives online in the form of vlogs, blogs, and TikToks, meaning there’s less and less of our lives that aren’t posted online. As more people share more and more personal information, the more push there is for stricter user privacy laws and regulations.
It’s always best practice to not share too much information online that can be personally identifying, such as your address, personal contact information, work location, etc. Utilize your social media accounts’ and mobile devices’ privacy settings, and remove any contact information and data from the social media sites you no longer use.
Gaming Apps
In 2018, a COPPA (Children’s Online Privacy Protection Act) study found that in approximately 20% of children’s apps, developers included code that collected and distributed personally identifiable information (PII) without confirming parental consent. The information often gathered by these apps range from the child’s name and email address (or parent’s depending on whose device is being used), home and mailing address, and parent information.
Mobile Wallets
Mobile wallets are a hassle-free way to pay for groceries, gifts, and more without having to dig through your wallet or purse to find your credit cards. It’s convenient being able to store all of your payment options in one place, just make sure to protect it when it comes to the safety of your digital wallet. Be sure to enable your phone’s security features, protect your phone and digital wallet with a password, fingerprint, or other authentication method, and avoid using public Wi-Fi when accessing sensitive data.
Rental Cars (Smart Phone Connection)
You may want to rethink syncing your driving playlist or connecting your GPS to your rental car on your next road trip. If you connect to your rental car via Bluetooth, your rental car can store previous locations, phone number, call log, and even contacts, making it much easier for the next renter to hack your information. Make sure you check your permissions, avoid connecting your mobile device to the car’s infotainment system, and delete any information from the system before returning the car.
Old Laptops and Drives
By now, we all know that simply erasing information from a laptop, tablet, or drive is not enough to keep your information safe. When erasing data off a drive, it’s possible that unencrypted and encrypted information can linger and become fair game for hackers. While methods such as cryptographic and data erasure would allow the drive to be used again, it is not a secure and foolproof data destruction method. Information, whether encrypted or unencrypted, can still linger behind on the drive and be accessed, even if it has previously been deleted or overwritten.
Unfortunately, as we get further into the Digital Age, the more personal information we are knowingly (and unknowingly) sharing, the more information developers are collecting about us, and the higher the chances are of a potential data breach. While many apps, developers, and businesses claim to only be interested in tracking the public’s patterns and not identities, the information they are gathering can technically be described as personally identifiable (PII). Tracking an individual’s location as they go to work, the gym, home, and even their doctor’s office can easily lead to identifying individuals. The average app, whether Android or Apple, has approximately six different data trackers embedded into it while some applications request access to more information than what is needed.
We understand that not every app or rental car company is trying to steal your data; apps that track jogging routes or utilize the option to share your location with your loved ones serve legitimate purposes. We at SEM stress that individuals should opt for the “Ask App not to Track” option in their device’s personal settings, only share their information with legitimate apps, and be mindful about where they offer up their information.
To sanitize your end-of-life laptops and drives, we recommend revisiting some of our old blogs on hard drive destruction misconceptions and ways to NOT destroy your drives for more information. Regardless of the catalyst for your drive destruction, it is always best practice to conduct destruction and degaussing in-house and to follow NSA standards. At SEM we have an array of various high-quality NSA listed/CUI and unclassified magnetic media degaussers, IT crushers, and enterprise IT shredders to meet any regulation.