Protect Yourself Against Location Tracking Abuses

Originally published at: Protect Yourself Against Location Tracking Abuses - TidBITS

News broke last week that a company has been tracking millions of smartphone users over long periods of time without any opt-in permission or notification, potentially violating state and federal laws in the United States and putting vulnerable people at risk (see “Exposé Reveals Ongoing Smartphone Location Tracking Threats,” 23 October 2024). This reported behavior by Babel Street’s Locate X makes me livid! Many of our online actions chip away at our privacy, but most are optional and offer something in return. Sometimes, we’re even told explicitly how our information might be used and can opt out or switch services. You can choose to swap the likes of Facebook, Instagram, and X/Twitter for Bluesky or Mastodon, and if you don’t want Google to see your Web searches, there’s always Brave Search, DuckDuckGo, Kagi Search, and Perplexity.

But no one intentionally shares their location with Babel Street; no one has granted permission in any way that could be construed as allowing it. I doubt any but a handful of people in specialized fields and law enforcement even knew who Babel Street was before last week. Although the company wouldn’t tell reporters how it comes by all its location data, it likely acquires it from the many data brokers that assemble the information from apps that track us. In short, we have no relationship with Babel Street, we’ve never given it permission to traffic in our location data, and we gain nothing from them. So how does this all happen?

Here’s where things get murky. To avoid uniquely identifying smartphones, Apple and Google use something called a Mobile Advertising ID (MAID) on iPhone and Android phones. MAIDs are unique, randomly generated, and don’t have to be persistent. Most importantly, they were supposed to be disentangled from personal identity, enabling advertising companies to distinguish individuals without relying on information such as a phone number or email address. The idea that a MAID can be kept separate from its user’s real-world identity turns out to be a fantasy. As Brian Krebs notes in his in-depth article about Locate X, there’s an entire industry devoted to selling “device graph data” that links people and devices.

Until iOS 14, Apple allowed users to reset the MAID, which the company calls the Identifier for Advertisers (IDFA), generating a new, random, but still unique ID. In that version of iOS, Apple removed the option to reset the MAID but added App Tracking Transparency, which required apps to ask for user permission before tracking their data across apps or websites owned by other companies (see Glenn Fleishman’s “Apple Unveils Stringent Disclosure and Opt-in Privacy Requirements for Apps,” 7 January 2021).

App Tracking Transparency seems to help, as the consumer privacy company exposing Locate X estimated they could locate roughly 25% of iPhones but 80% of Android phones. However, it’s not as effective as it could be. A study from Lockdown Privacy found that turning down apps’ requests to track made no difference in the number of active third-party trackers and had a minimal impact on the total number of third-party tracking connection events. Plus, a paper from security researchers at the University of Oxford said:

However, the number of tracking libraries has – on average – roughly stayed the same in the studied apps. Many apps still collect device information that can be used to track users at a group level (cohort tracking) or identify individuals probabilistically (fingerprinting). We find real-world evidence of apps computing and agreeing on a fingerprinting-derived identifier through the use of server-side code, thereby violating Apple’s policies.

Despite the workarounds that scummy data brokers have found, you can still take three affirmative steps to protect your privacy while Apple works on its next generation of privacy lockdowns.

First, in Settings > Privacy & Security > Tracking, either turn off Allow Apps to Request to Track or, if you want to see which apps are evil, leave it on and manually block every app that requests permission to track you. (With prejudice and obscenities.) Even if App Tracking Transparency isn’t perfect, it’s a step in the right direction, appears to have a noticeable impact, and can only make things harder for the data brokers.

Second, go through every app in Settings > Privacy & Security > Location Services and reduce the location access to the minimal level necessary. If you’re unsure, choose Ask Next Time or When I Share.

App Tracking Transparency and Location permissions settings

What counts as the “minimal level necessary” varies by app. Navigation apps need location access to work at all. Camera apps need it to geotag your photos. Many other types of apps have legitimate reasons for accessing your location; they should explain that appropriately in their detail screens. When in doubt, remove permission and see if an app stops working or complains about its tracking capability. (Developers often use so many third-party libraries that they don’t even know why all the permissions are requested, and such permissions often aren’t core to an app’s purpose.)

Examples of location access permissions

There are six settings for location access:

  • Never: Choose Never for any app with dubious explanations of why location access is requested. Canon Print app, take a flying leap. “Enabling the use of precise location information may help when trying to solve printer connectivity issues.” No, it won’t.
  • Ask Next Time or When I Share: If you’re unsure if you want to allow or deny location access for an app, select this option. You’ll get a prompt the next time the app wants your location, enabling you to make an informed decision based on your actions. I’ve set most of my apps to ask the next time they want access so I can be sure the reason is legitimate.
  • While Using the App: For nearly all apps for which you want to allow access, choose While Using the App. It’s entirely reasonable that a location-requiring app be allowed to determine your location while you’re using it.
  • While Using the App or Widgets: This option only appears for apps with widgets; choose it only if you use a widget that needs location access.
  • Always: Limit Always access to the very few apps you want to provide location-based notifications whenever the app generates them. The only app to which I grant Always access is CARROT Weather, so it can notify me about incoming storms.
  • Precise Location: If you allow location access for an app, turn on this switch only if the app needs your location within a radius that various sources claim is between 5 and 60 meters (15 to 200 feet). An Uber or Lyft driver will need to know where you pick you up, for instance, so those apps should have Precise Location turned on, as should navigation and camera apps. For most others, turn off Precise Location. Your approximate location—sources suggest a variable radius between 4 and 20 kilometers (2.5 to 12 miles)—is sufficient to locate you in the right part of the world.

If you’re on the fence about whether or not to grant location access to an app, you have one more way to determine if doing so will leak your location to data brokers: check the app’s App Privacy disclosures and read its privacy policy.

Take the NBC Sports app. It claims to need location access to show the correct live stream for your city. That sounds plausible (and is, in fact, true), but its App Privacy section on the App Store reveals that it will also track your location. Reading its linked privacy policy clarifies that NBC absolutely plans to sell you to data brokers. I couldn’t care less about live streams, so I relegated NBC Sports to Never. With prejudice and obscenities.

NBC Sports App Privacy disclosures

Third and finally, while you’re in Settings > Privacy & Security, look through the apps that have requested permission to use Bluetooth and Local Network. Apps can use these permissions, particularly Bluetooth, to engage with other devices for location and tracking purposes. Revoke permissions for any app that doesn’t obviously require them. At worst, the app will ask you again later. I can’t see why NBC Sports would need Bluetooth permissions (nor can I imagine having granted them, which makes me wonder how it was enabled by default).

Bluetooth and Local Network privacy permissions

9 Likes

Regarding your mention of apps that “need” access to Location Services, I vehemently disagree that camera apps “need” your location. I have zero interest in geotagging my photos, and most of my friends seem to feel the same way. There is value to sometimes putting a geotag in a photo, but for most photos, it’s just another way of telling people you don’t know where you are, because the tag is accessible to anyone who can view the image unless you strip the tag before sharing.

I deny all apps with Camera access on my devices permission to access my Location. If I ever need it, I’ll deliberately turn it on for that need, and then immediately turn it off again. I also use GraphicConverter on my Mac to strip geotags from all the images in my library (GCon is excellent at editing EXIF and IPTC data), unless I have a specific reason to be able to find the place a particular image was taken (which is pretty rare). There are privacy things I sometimes play a bit fast and loose with, but geotags are not one of them.

1 Like

Of course, this all depends on what you do with the pictures.

For me, I never share them with anyone and I don’t use social media at all. For me, the geotags exist to help organize my photos (e.g. the “Places” view in my Mac’s Photos app). It’s convenient to be able to show, for example, every picture I took on my many trips to New York City, regardless of what albums the pictures may belong to.

Now if i was sharing these pictures on social media, I may feel differently. Or maybe not, depending on the context. If I include pictures from Times Square in a blog article about my trip to NYC, those geotags don’t really have any impact on my privacy because the article says where the picture was taken. But if I was sharing pictures of my cats at home, then yes, that would be bad because the pictures would show where I live and I’d need to strip that data from the copies I shared.

3 Likes

FWIW when you share a photo in iOS from the photos app there is an “Options” button on the top where you can turn off location when shared to other apps. It’s rare when I share a photo to apps, but I always do it from the Photos app using this option (because I like having my photos geotagged otherwise.)

I’m also as rigorous about denying access to my photo library to apps in Settings / Privacy & Security / Photos as I am to location.

5 Likes

I am very liberal with built-in Apple apps (so I have no problems granting Photos access in order to geotag pics), but very conservative with 3rd party, especially “free” apps.

Obviously, once Apple pushes sales even harder (App Store, services) they could be tempted to do things that will make me less trusting.

OTOH, I’m conflicted by Lyft and Uber apps or my UA and DL companion apps. I realize they have a legit reason to need location data, but I also don’t trust those companies not to try to make an extra buck by selling my information to the highest bidder. I’m not even sure I would trust their privacy statements if they said they wouldn’t (recall the do-no-evil company harvesting wifi data). But obviously, that’s very personal and depends on who you have faith in. I fly with UA all the time, but do I trust they will be a super ethical company when the going gets even tougher than now where they barely make any money despite huge expenses, umm, nope.

1 Like

For me that applies to that entire list down there, not just Photos. Files or Calendar just the same. In fact in that entire list I have None almost everywhere except for Apple built-in apps that get access to Files (Photos & Safari) and Music (Photos).

The biggest culprits were the cell phone service providers themselves. They track your phone at all times and sold this information to data brokers.

It was revealed that the US military was buying the location information of Muslims who used a prayer app that helped them locate Mecca. The app publisher didn’t know about it. They used a third party library that help geolocate the direction to Mecca. This third party service gathered the information from all users, anonymized it, and sold the information to a broker. The broker “deanon​ynmized” the data and sold it to the military.

1 Like

I imagine the other mobile providers have this as well, but Verizon has a privacy preferences set of options that allows you to opt out of this sort of data collection and “sharing with third parties”.

I was prompted by this message to re-check my Verizon settings. I had opted out of all the “features” some time ago. Since then, however, they have added new categories. I opted out of these as well.

Thanks, Adam, for the reminder to check the privacy settings.

I’m not trying to be argumentative, and I don’t have any airline app, but I am curious.

The airline knows what flights I have booked; why would the airline need my location? Assuming there is some enhancement available if the airline knows my location, would the app work at all if it doesn’t have my location?

For me, it’s not about whether I trust Apple with this information. It’s about the fact that as an artist, most of the pictures I take on my phone are destined for sharing of some kind. When you share a photo with anyone (except by just showing it to them on your device), you lose control over any information in its metadata. I’ll grant that in many cases, the only “sharing” my photos get is with Spouse, but I don’t control what they do with them. So I play it safe by not automatically geotagging any photos unless I have a specific reason to do so.

I don’t trust anything in most companies’ privacy policies, including opt-outs. I mean, I use opt-outs whenever available, but I don’t trust that the company will honor the spirit of their policy. There’s just too much money at stake.

When you add in the fact that most of these companies make it difficult to sue them over privacy violations (thanks to the US federal government refusing to limit mandatory arbitration clauses to the B2B circumstances they were created for), I don’t for an instant believe that they don’t jump at opportunities to make a buck off something that an ordinary person would think is excluded by policy.

Apple is one of the rare exceptions that I trust somewhat, thanks to Tim Cook’s open commitment to not just talking about customer privacy, but taking determined actions to protect it. Even then, though, my trust has limits.

Again, when you share something from your phone, you have the option to share it without location - see my previous post. I just shared a photo by email (to myself) using this setting and all metadata was scrubbed from the photo - which camera took the photo, which lens, location, etc.

If you look at the bottom of that sharing sheet, you’ll see that by default metadata and edits are scrubbed from iCloud and AirDrop links as well.

Ok, sure, I feel pretty much the same way really. But I shared that because not opting-out is likely to result in having your location data shared by mobile phone providers.

And I’ll also note that it’s a shame that opt-out is not the default.

And we are talking about smartphones - it’s super-hard to get good use from a mobile smartphone without a mobile provider. For example, I don’t always use maps with route guidance, but I sure want to have it available when I do. I sure want to receive messages and calls from my wife and family, particularly if they are suffering some sort of emergency. So in order to get this use, I really do need to allow the mobile provider access to my location (based on my connection and proximity to their cells.)

I guess it’s too bad that Apple didn’t decide to start a mobile network.

Though, maybe a bit off-topic, but I do trust Apple and their stated strong privacy policy for their users. But let’s hope that Apple remains successful, because if they start struggling (which may seem unlikely, but didn’t people expect IBM to dominate computing forever at one point?), I sure hope that their commitment to user privacy is not one of the sacrifices that they make to gain more revenue.

In my case I exploit that their apps give me exact directions through overseas airports I’ve never been to when I have a tight connection to make. If the app knows where you are, it will tell you the fastest way to the gate you were supposed to be 10 min ago. :wink:

Not a big deal, but IMHO a legit reason to let the app know where you are (exact location, actually), assuming of course the airline doesn’t sell me out.

1 Like

I’m aware. But I routinely make use of the share sheet options to strip that information from my photos when I’m sending them to certain people. I suggest everybody check out those share sheet options. Very handy to be able to pick and choose on a case by case basis.

I guess I left out something that I should have explicitly stated: when I say “share” regarding my photos, that’s in any manner—not just sharing them via the sharing sheet. I do most of my image processing on my Mac still. (I’m trying to get the hang of doing it on my iPad, but I’m still much more precise with a trackpad or mouse than a touchscreen or stylus.) So images that get distributed from there don’t go through the sharing sheet. They’re being uploaded to sites via their web interfaces. Even most images I “share” from my phone aren’t done via the sharing sheet, but via web browser or the site’s app directly.

Honestly, about the only time I use the sharing sheet to send images anywhere from my phone is if I’m sending them via Messages. I’ve had too much go wonky trying to share to non-Apple apps via the sharing sheet. So I just don’t bother.

I get that I don’t do things the way a lot of people currently do them, or even the way Apple might expect us to do them. I probably should be more cautious about assuming that people understand that there’s more than one avenue for things like this. But at the same time, people should be more careful about assuming that anyone else is doing things in the “normal” way. I spent far too much time in IT to assume that anyone is doing things in a particular way.

1 Like

Well, of course this topic is about iPhones so I’ve been focusing on that. But even in the Mac Photos app there is File / Export and you can remove location information from there (as well as other metadata like captions), export it to a folder, and upload files from there. (Of course there is also duplicating photos and then stripping metadata from the duplicates, also available on iOS/iPadOS, but I find that confusing without some way to know which is the “good” one to upload and which the “bad”.)

One of the iOS sharing options is to share to files, so you can share the files without location to a folder and upload from there.

And this is not directed to you - you’re going to do your thing - but to anybody who finds value in geotagging photos by default, as I do, particularly when I am away from familiar locations, and still want to be able to share them to a Meta app like Facebook or Instagram without giving Meta information about the photo location (even if Meta will strip the location when they actually put it in everyone’s feed.) I am fairly certain that this ability to remove location information when sharing from Photos is not a well-known feature.

2 Likes

My UA app will track me when I get to the airport. When I get off the plane if I have a connecting flight it’ll actually map my way to the next gate. It’s pretty handy actually. Once I’m done flying, I shut off the tracking.
I forget which airline I used, might have been AA, once at gate the boarding pass popped up on my Lock Screen.

1 Like

Where would I find a switch for geotagging? I couldn’t find one on my iPhone SE 2nd Gen (iOS 17.5.1) in Camera or Photos settings. In case it matters, I do not use the Photos app nor do I store pictures in iCloud.

Interestingly, the iPhone SE technical spec page says it supports video geotagging, while the iPhone SE (2nd generation) technical spec page does not mention video geotagging. But neither page tells me how to enable or disable it.

My best guess would be Settings → Privacy & Security → Location Services → Camera. If you set it to “Never”, then the app won’t have any location to store.

1 Like

The global switch to stop iPhone from geotagging all pics you take with its camera is
Settings > Privacy & Security > Location Services > Camera > Never

Personally, I leave that on since for my own use I want geotagging. In certain cases I select to strip that information in the share sheet before I pass on the photo. I know there are also Mac apps to strip EXIF data, in fact even for entire batches at a time. I use GraphicConverter myself.

1 Like