←back to thread

Everyone knows your location: tracking myself down through in-app ads

(timsh.org)
1957 points apokryptein | 5 comments | 02 Feb 25 17:07 UTC | HN request time: 0s | source
1. gruez ◴[02 Feb 25 17:39 UTC] No.42910188[source]
>If it was LTE, I bet the lat/lon would be much more precise.

False. Apps don't have access to cellid information unless they also have location permissions, in which case they can just request your location directly.

>the free apps you install and use collect your precise location with timestamp [...]

This is alarmist and contradictory given that the author admits a few paragraphs up that the "location shared was not very precise". It might be possible for the app to request precise location via location services, but the app doesn't request such permissions (at least on android, you can't check for requested permissions on iOS without installing the app and running it), so such apps are most definitely limited to "not very precise" locations.

>At the same time, there is so much data in the requests that I'd expect ad exchanges to find some loophole ID that would allow cross-app tracking without the need for IDFA.

At least in theory they're not supposed to do that, but it'd be hard to enforce.

"If a user resets the Advertising Identifier, then You agree not to combine, correlate, link or otherwise associate, either directly or indirectly, the prior Advertising Identifier and any derived information with the reset Advertising Identifier. "

https://developer.apple.com/support/terms/apple-developer-pr...

replies(2): >>42910951 #>>42916307 #
2. anon7000 ◴[02 Feb 25 19:17 UTC] No.42910951[source]
Eh. Zip code level location + timestamp is still pretty invasive, even if, pedantically, that’s not very precise.

We should compare if there a differences in the data sent in countries with better data privacy laws.

replies(2): >>42911561 #>>42911651 #
3. eli ◴[02 Feb 25 20:38 UTC] No.42911561[source]
"Precise" has a specific meaning for iOS Location Services and this ain't it. Presumably it's just doing IP geolocation which could be the same post code, or it could be the wrong city entirely. I'd expect it to be much worse on LTE than WiFi.
4. gruez ◴[02 Feb 25 20:46 UTC] No.42911651[source]
>Eh. Zip code level location + timestamp is still pretty invasive, even if, pedantically, that’s not very precise.

That's basically sent to multiple parties (ISPs, transit providers, CDNs, analytics/advertising/diagnostics/security vendors) everytime you visit a website. If this counts as "invasive" to you, you shouldn't be connected to the internet at all, much less buying a tracking device (a smartphone) and installing random ad-supported apps on it.

5. saagarjha ◴[03 Feb 25 09:00 UTC] No.42916307[source]
Cell carriers will gladly sell that information to apps. You can make calls to them over the cellular network (even if Wi-Fi is active!) and they will hand it back to you. No location services is required to do this.