Apps like Temu or TokTok. Or those cheap electronic devices where you have to download a questionable app and register an account. What exactly is being stolen and what is being done with it? Who is doing it? Why?

  • Potfarmer@lemmy.world
    link
    fedilink
    arrow-up
    30
    ·
    1 year ago

    I find the motion sensing and gps tracking to be the creepiest. Using motion sensing they can know when you put your phone down and pick it up, if it was screen down or face up, and knows when you are walking, running, driving, etc. Combined with GPS it can be used to pretty accurately judge when you wake up, where you go, and how you get there. Lots of apps also don’t “close” when you swipe it away, they continue running in the background, so if you have the setting “only collect data when using the app” it will still collect data until you close it in the background or force stop it.

    • Adalast@lemmy.world
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      It is even worse than that. Given the list of data you have provided it is actually possible to discern general activity. You can determine if you are playing video games, working out, watching TV, out on a date, hanging with friends. As long as your phone is in your possession, the patterns for every behavior have a distinct fingerprint for each person. With enough collection, they can be filtered and categorized.

      Source: I am an analytical statistician.

      • ilinamorato@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        I also read about how they can correlate data between users and devices, too; maybe you don’t have location on, but your app can correlate accelerometer data from your device with matching data from the same time from another device on the bus that does have location on. Boom, now they know you ride that bus. Or: everyone connecting from a particular IP address visits a particular restaurant’s menu site from a QR code. Pretty good chance, then, that that IP address is the restaurant’s wifi. Now they can correlate all that data and find out who your friend group is. Even something as simple as knowing that you were near your friends for an extended period of time while they were in an Uber to a venue before a show can help them build a profile about you and your cohort’s interests and behaviors.

        • Adalast@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          Yup. I love that I got my math degree, but it does give me an understanding of things like this that are usually miles ahead of my cohorts. It makes my skin crawl to see the kinds of things that these companies harvest. You mention restaurant QR codes. I’m sure not all of them are, but it is so easy to build harvesting APIs into websites that host those menus. I do the Analytics work for my company and the things that even just the basic analytics tag harvests, let alone setting up specialized eventing or more invasive APIs.

      • ADTJ
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        The enhanced permission api was a huge step forward but plenty of apps still just demand permissions up front and lock you out until you grant them

      • Railing5132@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        To your last point, yes. The average user doesn’t even glance at the permissions before blindly accepting them. It is also true that an alarmingly high number of users/consumers /don’t care/ about basic privacy concerns that affect things like targeted ads, PII, and information that could be used to affect things like credit score.