Modern field guide to security and privacy

How app makers increasingly track your every move

Privacy advocates say tech companies are becoming more brazen about collecting users' location data and personal information.

Peter Prengaman/AP
Mirella Sanches waited to be picked up at an Uber stand in Rio de Janeiro, Brazil.

For just a few days last month, a photo filter app called Meitu, which turns selfies into pearl-skinned, doe-eyed Anime characters, enthralled the social media world.

But Meitu faded as quickly as it rose to internet fame after cybersecurity researchers exposed what was really behind the app.

Meitu’s application program interfaces (API) revealed code that collected a bevy of personal data that goes far beyond what typical photo apps gather. It amassed users' precise locations, call information, carrier information, and Wi-Fi connections. The company explained that it collected all that data to "optimize app performance" and better engage users.

As smartphones become ubiquitous, app makers are becoming more brazen about collecting personal data, say experts and privacy advocates. And while iPhones and Android devices have limited privacy settings, most consumers remain in the dark about what companies are collecting and how they are using that information. 

"With business models focused on advertisements and sharing information of others, we've seen massive amounts of tracking," says Norman Sadeh, a computer science professor at Carnegie Mellon University in Pittsburgh. "There's been erosion of privacy over the past few years."

In 2015, he cowrote a study that found a dozen or so popular Android apps – from companies such as the Weather Channel and Groupon – collecting location data about every three minutes. 

Claire Gartland, a consumer privacy attorney at the Electronic Privacy Information Center (EPIC), compared the smartphone app marketplaces to "the Wild West" when it comes to privacy regulations and says consumers are left on their own to protect their own personal data.

"When we go shopping at a grocery store, the [Food and Drug Administration] doesn't allow poison in our food," says Ms. Gartland. "But the current situation is like reading every ingredient on every box [to avoid something harmful]."

Instead, she says, the lawmakers should create a basic, easy-to-understand privacy framework that spells out what app makers can and can't collect. 

EPIC has had mixed success taking on Silicon Valley giants on privacy matters. It was able to push Facebook to settle with the Federal Trade Commission in 2011 for breaking its own privacy policy, which stated that photos and videos from deleted profiles would remain inaccessible and that it would not share private information with advertisers. As part of the settlement, Facebook agreed to be submit to independent privacy audits for the next 20 years.

EPIC has also taken aim at Uber. In 2015, the privacy watchdog filed a complaint against the ride-sharing company, charging that Uber’s then-revised privacy policy was an unlawful and deceptive trade practice. In the complaint, EPIC argued that Uber’s promise that "users will be in control" was not true since Uber can access their location data without their permission. A year and a half later, the case is still pending

Last December, Uber faced scrutiny after its new app update asked users if it can collect precise location data for five minutes after the ride, when the app is no longer in use. Previously, Uber offered the choice of collecting the data only when the app was in use. Uber took that option away but insisted the tracking will stop after the five-minute limit.

An Uber representative told Passcode that the new app update "helps us improve ETAs, pick-ups, efficiency on POOL, and passenger safety" and that any user uncomfortable with location tracking can turn it off and still use the app by manually putting in the pick-up address.

Uber’s expansion in data collection alarmed many privacy-oriented consumers such as Silicon Valley-based engineer Michael Fischer. He penned a letter in the tech blog HackerNoon, urging Apple to stop Uber’s app update and prevent other apps from behaving like "stalkerware" – a word Fischer coined to describe software which tracks users 24 hours a day.

Uber and Apple did not respond to Mr. Fischer’s plea. In Apple's mobile operating system settings, Uber’s latest edition only allows location-sharing settings to be on "Always" or "Never."

"The only thing you can resort to now to turn the location setting on, then turn on the Uber app, and then turn off the setting once you are done," Fischer told Passcode. "But this is very inconvenient. And the Uber app developers aren't stupid. They know this is inconvenient."

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to How app makers increasingly track your every move
Read this article in
QR Code to Subscription page
Start your subscription today