“You are receiving these services for free because advertisers are helping monetize and pay for it,” he said, adding, “You would have to be pretty oblivious if you are not aware that this is going on.”

This product, it's you.
posted by chavenet at 8:21 AM on December 10, 2018 [5 favorites]

To iOS's credit (which isn't much), it does both allow you to authorize an app to only use location services while using the app itself (IIRC, unless they've changed it, Android just has an on or off choice), and rather than sending the user to a dark-pattern UI which has ENABLE LOCATION OR APP WON'T WORK AT ALL in huge text, and then a microscopic disable location and cripple your app in eggshell text on white background, it leaves all options the same size.

I think the default should be during use only, and you should have to go into OS settings (never in-app, to prevent impulse authorization) to enable always-on location. Also, the app should never be allowed to prompt the user for always-on location access.

This problem is Apple and Android's, and they need to fix it. Ban bad actors permanently from the app store for selling location data. The only way the gatekeepers can protect their customers is the big stick. Android has more conflict of interest in this area (that's probably radically understating it), but there's a chance that Apple just... might... care enough to really do it.
posted by tclark at 8:24 AM on December 10, 2018 [7 favorites]

This is gross and bad on a societal level but unfortunately on a personal level I find it hilarious that someone, somewhere, could potentially see me repeatedly sprinting back and forth the 100 feet between couch to bathroom the last time my stomach decided to try and kill me.
posted by poffin boffin at 8:26 AM on December 10, 2018 [13 favorites]

Relevant: anyone who has a Garmin GPS watch and doesn't want to upload it to Garmin Connect or Strava can pull the .FIT files off using regular old USB and load it into Golden Cheetah, which will work without an internet connection (aside from the map bit) for analysis.
posted by grumpybear69 at 8:30 AM on December 10, 2018 [6 favorites]

I get the discussion about location tracking by apps sending location data gathered by on-board systems (GPS, wifi databases, etc), but what about the carriers themselves? They can triangulate you pretty well as long as your phone is turned on. Doesn't matter what apps you have running or not.
posted by JoeZydeco at 8:32 AM on December 10, 2018 [6 favorites]

At least there are some protections around carrier tracking, depending on your state.
posted by grumpybear69 at 8:34 AM on December 10, 2018 [1 favorite]

With the exception of apps for which precise location is the point (e.g. maps), the API ought to have built-in random error, so that the app developer gets accurate data in the aggregate but inaccurate data on any given person. For example, if lots of app users tend to go to, say, a sports stadium, then the developer will see a cloud of points centered on the stadium but won't accurately know where any given user was.

It should also feature random drop-outs, so that the location feed is occasionally intermittent, similar to how Apple doesn't record the start and end of trips made with its Maps app. It collects data on the common parts of trips but not where they start or end.

For apps for which precise location is the point, then the data should usually be anonymized. You can know who your users are, and you can know where your users are, but you can't know who is where. This could be done by separating authentication and location data. The app connects to the authentication server run by a 3rd party (e.g. Apple) and gets an anonymous token. That token is used to talk to the app server when location data is involved.

Some apps (e.g. anything that has users "check in" at a location) need to know both who someone is and their location. That could be addressed with limitations and regular audits on the use of the data. For example, no selling data downstream without aggregation and the addition of random errors and random drop-outs.
posted by jedicus at 8:34 AM on December 10, 2018 [8 favorites]

On the other hand, my local, my market and my workplace are all within a four block triangle with my residence that I bike or walk, everyday, in pretty much the same direction. What they may hope to glean from six years of that is beyond me. They do seem to get very amped when I ride out to Sears every once in a while.
posted by halfbuckaroo at 9:01 AM on December 10, 2018

I struggle a bit with this privacy concern because I have to say that a killer feature of Google Maps for me is the location sharing that my wife and I have enabled for each other. It is so bloody great to be able to arrange to meet somewhere and then watch for their arrival. It takes the social coordinating anxiety down to zero so effectively I kind of want it for everyone I arrange meetings with. Perhaps I should put this in my friendship license agreement.
posted by srboisvert at 9:09 AM on December 10, 2018 [13 favorites]

...on a personal level I find it hilarious that someone, somewhere, could potentially see me repeatedly sprinting back and forth the 100 feet between couch to bathroom the last time my stomach decided to try and kill me.

But how hilarious is the phrase "undisclosed pre-existing condition?"
posted by Western Infidels at 9:11 AM on December 10, 2018 [37 favorites]

super hilarious bc the 50 real ones i actually have will be in no way affected by a single day of food poisoning when i die without health insurance, but thanks for playing
posted by poffin boffin at 9:26 AM on December 10, 2018 [17 favorites]

Since turning off location services will often make an Android phone somewhat unusable, I try to limit the number apps I have on my phone to ones from developers that I nominally "trust" with my location and browsing data, such as Google. Sort of personal info risk management.

I also don't have the Facebook app or Messenger installed (or Whatsapp) to avoid location tracking. But I do have Instagram on my phone, and I wonder how much of my location and browsing data it shares with its parent company, Facebook? I use Facebook in a Firefox containerized tab on my desktop.

I also have no Amazon apps on my phone, either the shopping app or Prime video; I also use Amazon in a Firefox containerized tab.

However, I do have Audible and Goodreads on my phone -- I listen to books while going to the gym and so on, and Goodreads is a great app for making notes about what books I'd like to read and then searching for them a the bookstore (I live about ten minutes' walk from Canada's best bookstore, as well as the largest used bookstore in Canada).

How much of my location and web browsing info are these apps sending to Amazon?

Google of course knows everything about me, which is creepy AF but I have not yet decided to move back to Blackberry quite yet.
posted by JamesBay at 9:28 AM on December 10, 2018

I have a fitness watch. Their software says that they can't download data from the watch to my phone unless GPS is turned on. This is nonsense and it is easy to prove because some of the watch functions transfer data fine without the GPS turned on but others only transfer with the GPS turned on.

So I contacted their support, and they said that Google says it is a requirement for GPS to be turned on in order for data to be transferred to the phone. Some of their programmers must be following the Google 'law' and others are ignoring it.

I did some Internet searches and, sure enough, Google has some rule about needing GPS on to transfer data to the phone. Google's whole model for making money is directed advertising, so they clearly have an enormous monetary motivation for this 'rule', though I'm sure they have some technical babble about why the rule exists.

Especially considering the recent military security lapses (people on military bases using fitness watches and broadcasting their location), the government should force Google to explain to their app design customers that this 'rule' is null and void and they recommend the default to be GPS off unless the customer specifically wants it on.
posted by eye of newt at 9:32 AM on December 10, 2018 [5 favorites]

On an android device you can turn location services on or off for each app. I only have it on for apps where I need to see my location on a map. You can also turn your location history on or off for your entire google account. I believe that you can have person-to-person location sharing on while still having location history off, but I would have to have friends and/or loved ones to test this.
posted by runcibleshaw at 9:38 AM on December 10, 2018

Since turning off location services will often make an Android phone somewhat unusable, I try to limit the number apps I have on my phone to ones from developers that I nominally "trust" with my location and browsing data, such as Google. Sort of personal info risk management.

I arrived at almost the same phone setup as you but via a different path. Instead of personal info risk management I was taking an attention conservation approach. I have almost no distraction based apps on my phone. Turns out they are the same apps as the major privacy invaders. I guess when you are malign it is across the board.
posted by srboisvert at 9:45 AM on December 10, 2018 [1 favorite]

I always wondered why people arent hacking custom roms like lineage/cyanogen to allow people to put apps in a sandbox with spoofed or blocked location data and/or camera and/or Mic access.
posted by BrotherCaine at 9:57 AM on December 10, 2018 [1 favorite]

I almost succeeded in getting rid of Twitter on my phone... But it dragged me back in.
posted by JamesBay at 9:57 AM on December 10, 2018

@proffinboffin in the movie Brazil a character was incarcerated because of a spelling mistake. In your case it could be because of repeated occcurences of location proximity with people involved in activism ;)
posted by andreinla at 10:00 AM on December 10, 2018 [1 favorite]

I always wondered why people arent hacking custom roms like lineage/cyanogen to allow people to put apps in a sandbox with spoofed or blocked location data and/or camera and/or Mic access.

The last time I set up an Android device (quite a while ago) I rooted it and installed the Xposed module XPrivacy which claimed to do those things, but I never got around to digging in and playing around with those features. At the bottom of that page there's a “similar solutions” section with links to other projects/products.
posted by XMLicious at 10:14 AM on December 10, 2018 [2 favorites]

Folks here may be interested in some of our work in analyzing the privacy of Android apps at http://privacygrade.org.

The basic idea is that we use crowdsourcing to generate a model of what people are concerned about, and then apply that to all the apps we crawled.

We're working on an update of PrivacyGrade using network data too, to map out who knows what about us and why.

Perhaps one of the biggest findings from our team's research is that over 40% of apps that use sensitive data only do so because of third-party libraries (e.g. advertisers or analytics). We've mentioned this in talks to the FTC, Google, Apple, and others, that these third party libraries are the biggest point of leverage here if we want to solve the problem.

Also, more broadly, our team has been working on a Privacy-Enhanced Android, which seeks to offer new programming models, new isolation mechanisms, and new user interfaces to help improve the entire ecosystem of privacy.

If you're interested, see below for some of our work.
- Fostering an Ecosystem of Smartphone Privacy, this is a talk that summarizes a lot of our team's work on privacy
- https://privacyproxy.io/ (sorry, self-signed certificate is a bit out of date). This is a VPN that scans outgoing traffic for likely personally-identifiable information
- http://www.android.protectmyprivacy.org/. This requires rooted phones, intercepts calls to sensitive data on your phone, and helps you make better decisions
- https://privacystreams.github.io/. This is a new programming model that aims to make developers' lives easier, and improve privacy as a side effect by making accesses to sensitive data easier to analyze.
- Paper Does this App Really Need My Location? Context-Aware Privacy Management for Smartphones (PDF). This is the paper presenting our work on %apps that use sensitive data only because of third party libraries.
posted by jasonhong at 10:16 AM on December 10, 2018 [51 favorites]

This whole industry works by inserting a benign convenience into our lives, and then slowly turning it toward other means; once we use a service we're less inclined to ditch it when the costs become apparent - IF they ever do: this is a tried and true scheme for selling just about anything.

A wall of text TERMS AND CONDITIONS full of legalese does not suffice for making the costs apparent, here. The damn cure for cancer could be hidden in a service agreement and nobody would know. Expecting that one can possibly protect their data if they have an understanding of the byzantine way that different permissions, apps, and services interact with other is, frankly, the same as saying "we don't need to put seatbelts in cars - people just need to drive more carefully."

There will always be people oblivious to how technology works - nobody can have that level of engagement with everything in their life, nobody can scrutinize every single service. We have to hold the industry to higher ethical standards, rather than fall back on neoliberalism's assumption that things can be managed through individual choice at the point of a single consumer. Want to be safer? Move upstream. They don't want us to do that though. They want us to think that only YOU can prevent forest fires.
posted by entropone at 10:17 AM on December 10, 2018 [2 favorites]

from the AP's discovery that Google records your movements on Android devices

Think about the implications of this. This means that Google could tell the exact number of android devices in a given office building, then extrapolate from there based on local market penetration of android v. other brands a roughly accurate estimate of the total number of humans in that building at a given point in time.

Or on a freeway. Or anywhere really.
posted by allkindsoftime at 10:27 AM on December 10, 2018

It's really nice when the traffic on google maps helps to find a clever alternate route as I'm always starting late but then, HOW DO THEY KNOW, and well, there is no privacy, never really was and it's getting really accurate. Scary accurate.

What we need is an international (actually solar system wide) Bill of Rights. With short simple clear protections.
posted by sammyo at 10:39 AM on December 10, 2018

It's really nice when the traffic on google maps helps to find a clever alternate route as I'm always starting late but then, HOW DO THEY KNOW, and well, there is no privacy, never really was and it's getting really accurate. Scary accurate.

When I'm out riding my bike I get the sinking feeling that the same people who yell GET ON THE SIDEWALK are the same people who are driving 40mph through a park because an app told them it would shave thirty seconds off their commute.
posted by entropone at 10:55 AM on December 10, 2018 [9 favorites]

If you're concerned about this via the FB and Twitter apps, look at the Metal container app as a replacement. Uses no permissions and saves a ton of battery life.
posted by Divest_Abstraction at 10:55 AM on December 10, 2018 [3 favorites]

Since I had to google it to find out what Divest_Abstraction was talking about, and because it was surprisingly hard to actually find in a search result... https://play.google.com/store/apps/details?id=com.nam.fbwrapper&hl=en
posted by caution live frogs at 11:08 AM on December 10, 2018 [1 favorite]

Also, again. Android seems to be the riskiest platform. Sometimes a walled garden is not so friggin' bad. Less time spent pulling weeds.
posted by caution live frogs at 11:09 AM on December 10, 2018 [1 favorite]

When I'm out riding my bike I get the sinking feeling that the same people who yell GET ON THE SIDEWALK are the same people who are driving 40mph through a park because an app told them it would shave thirty seconds off their commute.

honestly those people were doing that and yelling that well before the advent of smartphones
(hell, i've had a police officer roll down the window of his cop car and yell GET ON THE SIDEWALK at me, despite the sidewalk being a totally illegal place to bike in that state)
posted by halation at 11:10 AM on December 10, 2018 [4 favorites]

Google identifies new security hole in Google+ API. No sign that it was actually exploited, but at least they announced it within a month. Must be a good news cycle for them.
posted by GenderNullPointerException at 11:17 AM on December 10, 2018

> It's really nice when the traffic on google maps helps to find a clever alternate route as I'm always starting late but then, HOW DO THEY KNOW, and well, there is no privacy, never really was and it's getting really accurate. Scary accurate.

This is a somewhat separate concern.

Google Maps needs to know your position to tell you where you are. Similarly, there are a lot of people around you also using Google Maps, and since Google has all this aggregated data and computing power, they may as well provide extra services like determining traffic density and flow, weighting alternate routes and providing recommendations. It doesn't necessarily require more data about you than what was necessary to tell you where you are on a map; to provide traffic reports.

The privacy intrusion stems from Google creating an account that's specifically about you, collecting data about you even when you're not actively using those apps (which is part of why Google Maps' traffic services works so well: Even if only 20% of Android users are using Maps while they drive, Google has the physical positions of all of them), retaining all the data it's collected about where you were at what time, and associating it with every other activity of yours that passed through one of Google's servers: Web browsing, what ads you clicked on, what you paid for lunch, and so on.

Google doesn't have to know that Bob, Jill, Janet and Fred are at a red light on Main Street, it's sufficient to simply know that four cars are at a red light. Google doesn't have to retain a record of Margaret driving from church to Planned Parenthood, but they're doing it anyway. The objection is not to Google (and many other companies) witnessing activity to provide real-time assistance, the objection is that Google (and many other companies) are retaining this data and repurposing it against your personal interests.

This is something that Apple is trying to use as a marketing advantage to the elite and powerful: The premium price (which, to people sufficiently wealthy, is an insignificant upcharge) for their products is effectively an up-front fee to substitute for monetizing your activities.
posted by at by at 11:23 AM on December 10, 2018 [16 favorites]

At this point in history I'm inclined to assume bad faith on the part of the NYT, basically any time they do a story that's not just a straight recounting of facts.

I'm a terrible person, admittedly, but this really seems like the sort of concern-trolling that NYT has gotten quite good at. The same sort of thing that makes them do those horrible stories where they interview nazis, metaphorically nod their heads sagely, and wrap up by trying to look concerned for everyone including the damn nazis.

I mean, on iOS the only apps that always know where I am/go are ride-hailing, maps, the system reminders app (geofencing is nice), system camera (I like to geo-locate my pics), the system services (kinda handy for locating cell towers) and that's literally it. This has required essentially no effort on my part (unlike, say, trying to stay in front of viruses circa 1997).

Of those apps/systems, only one is likely to sell my geo data and frankly everyone already knows the ride-hailing company is composed largely of dicks but I made the choice to use 'em anyway.

Yes, Maps doubtlessly uses my location to refine advertising, but they don't sell that data to anyone else and the last time I checked the ad target interface they only gave huge target areas (a sub-megaton nuke has a smaller blast radius than my ad radius) -- which, if you've mailed me anything ever in my life, you already know and have basically a 50/50 shot at guessing which zip code I'm in at any point in the day. It's not like they're telling when Target I'm walking in through the door (Target can know that, if they want, by doing things that have nothing whatsoever to do with apps or operating systems; just watch Bluetooth, associate credit card purchasing info with Bluetooth IDs, and over time you'll nail me).

...so I kinda don't see the point about wigging out on any of this, at least from an iOS side. Oh no, the apps that I specifically allowed to follow me, do in fact follow me? What an affront, whatever shall I do?

Now, if you install XYZ Random Gamez App that asks for permission to do everything, well, to be honest you probably shouldn't pretend to be surprised when they track you. The extent to which apps trick people is an issue, but that's quite separate (IMHO) from Apple/Google knowing where I am, and the NYT is intentionally conflating the two.
posted by aramaic at 12:16 PM on December 10, 2018 [4 favorites]

Hi. Developer here, whose company's flagship product tracks the living hell out of its users, because there's a map feature that is central to the user experience. There are a couple of misconceptions here that seem like they're worth clearing up.

1. People care deeply about their privacy Wrong. YOU care deeply about your privacy, maybe. (Probably not) . John Q. Public wants to use whatever app is shiny and chrome in his app store, and could give two fucks about what it's doing with his location data. Literally the only thing that meaningfully moves the needle on app uptake is upfront cost. You can ship the most unusable app ever dreamt of by mankind, and subject its users to all manner of indignity, but as long as your app is free and people see value in using it (where "value" means many things to many people), you can bombard them with ads and track their every step and take pictures of their cats while they're sleeping, and they will happily accept your terms of service because they do not care . They have never cared, and I don't foresee a future in which they ever do care. They probably should care, but there's a lot of things people should do and yet somehow never seem to get around to. (Flossing, exercising, and not-voting-Republican leap immediately to mind). Privacy advocates have been at this for decades, and they make compelling and interesting arguments... and if you try to bring the subject up at Christmas dinner, you'll be rewarded with the same set of vacant stares you'd get if you started complaining about zoning variances in Sandusky, OH.
2. Sure they do. At least, a vocal enough minority cares "Aha!" I hear you say, "Enough people care deeply about their privacy that they would bankroll such a venture, and would pay a large amount of money for a semi-crippled Android phone that they know has to ask a central authority for permission to use anonymized GPS data." To which I reply, (leaving aside the question of who would manage that repository) there are eleven people in the world who care enough about this to spend money on it, and those eleven already have podcasts and run jailbroken operating systems that spoof GPS data and are preaching to the converted. Meanwhile, the actual implementation cost of such a thing would be staggering. You're talking about a hard fork in the Android ecosystem, and an entire separate operating system codebase to be maintained by volunteers, because Google sure as hell isn't going to spend the money to let third-party developers enforce clear privacy rules. Apple, in their walled garden that purports to respect privacy, could maaaaybe manage it, but it would take three years and cost billions of dollars, and what motivation do they have to do so?
3. Device-makers could stop this if they wanted to Nice thought, but no, they couldn't. Ubiquitous GPS is the genie unleashed from the bottle. It makes too many things work too well for too many people to ever hope to cork it back up again. Whichever phone company decides to put out an SDK that locks down GPS data is going to be driven out of business the moment its users discover that Candy Crush doesn't work correctly when some of its permissions are disabled by the operating system. Does Candy Crush need your geodata to make its app function properly? Of course not, but it's a huge value-add to its authors, and imparts only minimal costs on each end user. The people making the rules about things like this are governmental agencies, and you get three guesses which side wins between a small entrenched interest with money to throw at lobbying, and lots of users who care just a little bit.
4. Good governance would fix this Look, I'm as flaming a lefty as you'll find around these parts, and I still don't see it. Let's imagine you had fiat power and a magic wand that you could use to create your ideal world-state right this very moment. Poof, we are made utopia! Here's the problem. Your apps are sending a continuous stream of bits to their authors, some of which are geolocational data and most of which aren't. Anyone with a lick of sense is encrypting that data in transit, which means that no one other than its intended receiver can tell what that data is without military-grade decryption software. Do you want to know who cares enough about enforcing consumer protections to put their military-grade decryption software to good use? Not the government of any country with the resources to have military-grade decryption software, that's for sure. So you're looking at irregular audits of corporate databases as an enforcement mechanism, which (1) LOL Facebook upended a national fucking election two years ago and the feds have been awfully quiet if they've burned the place down in retribution, and (2) is still defeated by companies creating tenuous justification for hoarding users' geodata. My company, for example, could rightly claim that we need GPS data to make our core product work, and we're too small to have an audit team devoted to purging old data; data cleanup is hard, and it's expensive. It's objectively way cheaper to just let everything sit in a data warehouse forever, where we can periodically mine it for advertising gold. Good luck overcoming that inertia.

In conclusion, the only way I see out of this is via the judiciary, and that seems like an awfully long shot. Meanwhile, there's no political will to fix this situation, whereas there's tons of money for lobbying to keep the status quo. Apple and Google have no motivation to do anything proactive, since it will piss off their respective user bases and cost an ungodly amount of money to retrofit their operating systems. All of which ignores the underlying fact that people just don't care about the privacy of their data. Sorry, guys... the college-era-libertarian in me shrieks in fury, but individual privacy from corporate data-harvesting is a concept that died the moment Steve Jobs stuffed an ARM processor and a battery into a GPS-enabled phone.
posted by Mayor West at 12:26 PM on December 10, 2018 [19 favorites]

Whichever phone company decides to put out an SDK that locks down GPS data is going to be driven out of business the moment its users discover that Candy Crush doesn't work correctly when some of its permissions are disabled by the operating system.

Mayor West, you realize that Apple currently lets users turn off background location data, or ALL location data, for any app? They haven't exactly been driven out of business...
posted by Nutri-Matic Drinks Synthesizer at 12:43 PM on December 10, 2018 [5 favorites]

Hi. I'm an end-user of personal information data, but on an aggregated level. I don't want to know what the individual person goes, but where groups of people travel, because I'm trying to plan for future transportation system maintenance (mostly) and development (less so, because it's expensive to build new roads -- and then you have more lane miles to maintain). I want to know broad trends, so I can forecast future trends and develop scenarios. If we do add a 3rd lane here, or a new road there, how will the traveling public react? Will it be better for a short while, or will that new lane or road get just as congested in a year or two? Does it make sense to spend millions of dollars on this project, or a different one? What's the Benefit/Cost Analysis?

One of our data vendors touts the value of their data by noting that they buy data from 180 different apps whose experience is tied to user locations. And it's not too expensive to buy a state's worth of data, aggregated into broad flows. But I won't see any personally identifying information there, which is perfectly fine by me. I don't want the same power as was publicly available as a "demo" from a website that was open to all until NYT, ZDNet and others published articles in May 2018.

The alternative to buying this data for tens of thousands of dollars is conducting transportation surveys at ten times the cost, though that data should be statistically sound, representing a cross-section of the entire public. That requires contacting specific individuals to represent different user groups and get them to write down how and when they travel in a given week, so transportation planners and data crunchers like me can extrapolate that information and model that data into broad trends. And those costs are only part of building a larger travel demand model. So even at hundreds of thousand dollars, buying and using this data could save a state millions pretty quickly, if the data collected, processed, and used well and wisely.

This has been another "how do they do that thing" public service announcement about transportation planning.
posted by filthy light thief at 1:23 PM on December 10, 2018 [4 favorites]

At this point in history I'm inclined to assume bad faith on the part of the NYT, basically any time they do a story that's not just a straight recounting of facts.

It's worth noting that NYTIMES DOT COM likely has tens or hundreds of tracking services on its website. I'm not even gonna look.
posted by mrgrimm at 1:30 PM on December 10, 2018

likely has tens or hundreds of tracking services on its website

Meh, I'm only seeing about fifteen on their main page, at the moment. Compared to CNN and similar, that's not too bad -- and compared to local news sites, it's negligible. (Local news sites are horrifying -- I feel like I should be typing through a napkin and washing my hands afterwards, whenever I land on one)
posted by halation at 1:39 PM on December 10, 2018 [2 favorites]

I see a lot of services that tell you which apps are lousy with this for Android. Anything for iPhone?
posted by corb at 3:41 PM on December 10, 2018

How much money does it cost to buy access to one of these databases through a third party? What does that data look like once you purchase it?

Because once you have a house address it doesn't seem hard to pick out an individual from the database (like the NYT seemingly did). It's the kind of thing that (at best) a PI would probably be extremely interested in subscribing to.
posted by codacorolla at 5:06 PM on December 10, 2018 [1 favorite]

Mayor West, you realize that Apple currently lets users turn off background location data, or ALL location data, for any app? They haven't exactly been driven out of business...

Absolutely true. Sorry, on re-read, I should have been more specific: the first company to ship a phone that disables permissions for GPS, data, etc. by default, without actually making you go through the settings page, or who doesn't normalize the experience with a popup window asking your specific permission for something (which we've all seen and clicked through a million times, and don't really view as a collective big deal any more, and have built expectations into our heads re: whether the app will generally cease to function if we click "no") is going to get creamed by a torrent of angry users who don't actually care, and why does my Solitaire app crash after every game I win?!
posted by Mayor West at 5:09 PM on December 10, 2018

I use a three year old android phone. I turned off most background because it used up my data, then I got unlimited data, I left them off. I turned off location, always. I don't want my phone choosing my route as I drive, I like knowing where and how I am going before I go. I do not multitask and drive. I never give my location to any app. My phone works just fine. Carry some money and use it to conceal travel expenditures, including coffee, lunch out. Get off of social media, (except Mefi!) I don't want a google assistant helping me live my life. That they help is the fourth great lie, help themselves and their paying friends is more like it.
posted by Oyéah at 6:24 PM on December 10, 2018 [3 favorites]

To iOS's credit

iOS also detects new apps using location services while in the background and warns you about it, along with a link to privacy settings. This feature pleasantly surprised me the other day when the TacoTimeNW app was apparently secretly tracking me. I revoked its location permissions and took the opportunity to audit all of the other apps permissions.

iOS is way ahead of android in this respect.
posted by qxntpqbbbqxl at 7:28 PM on December 10, 2018 [5 favorites]

So just to be clear: if you have an iPhone and turn off location services, you stop all of this tracking by apps?

I realize that you'll still have cell tower tracking, but only Apple and your carrier would have that info, right? And in fact, I could turn off cellular service for stretches, use my phone only with wifi or, say, playing music already on the phone while I drive, then I wouldn't be revealing even that?

Or am I being naïve?
posted by msalt at 10:13 PM on December 10, 2018

use my phone only with wifi
Then they've got you on Wi-fi MAC address tracking. (iOS has randomization, but at least last I saw there were low-level flaws the US Naval Academy published on a while back that made it basically useless)
posted by CrystalDave at 10:19 PM on December 10, 2018 [1 favorite]

OK. But if I turn off both location services and wifi, and live without the Internet? I guess that's the equivalent of turning off your phone. Except I could still listen to songs and downloaded podcasts.
posted by msalt at 10:28 PM on December 10, 2018

So long as you make sure to turn off cell service and Bluetooth as well, you should be good. (At least, as far as remote passive tracking goes).

That said, if you switch your threat from "general passive tracking to invade your life" to "Someone specifically has it out for you", then not even that's enough because they could take over the baseband processor of your phone and flip it on silently so it communicates in the background with the cell towers.

Really, a lot of security questions come down to James Mickens' MOSSAD/Not-MOSSAD threat model, with the above being option 3.
posted by CrystalDave at 11:02 PM on December 10, 2018 [2 favorites]