A major security flaw in Gravy Analytics has exposed the location data of millions of users. Popular apps such as Tinder, Candy Crush and MyFitnessPal, which are installed on millions of smartphones worldwide, are affected. The leaked data provides detailed insights into users' daily movements and locations, raising massive concerns about data protection.
In an increasingly digital world, protecting our data is becoming more and more important. Location data is particularly sensitive, as it not only shows where we are at any given time, but also allows us to draw conclusions about our habits and our lives. The data breach at Gravy Analytics shows how easily sensitive information can fall into the wrong hands - just by using everyday apps. It is a wake-up call for each of us to be more conscious of the data we disclose.
What happened?
Gravy Analytics, a well-known location data broker, was hacked. A hacker claimed last week that it had gained access to the data of millions of users. Shortly thereafter, the data was published, confirming the severity of the incident. The leaked information contains precise location data that shows where users regularly spend time - such as at home, at work, or in other frequently visited places. This location data comes from the so-called real-time bidding process. This is an automated auction that decides in milliseconds which advertisements will be shown to a user. During these auctions, advertisers gain access to technical information such as the device type, IP address, and in many cases, precise location data - provided the user has given permission. This so-called bidstream data is collected by data brokers such as Gravy Analytics to create extensive profiles. In the current case, however, this data fell into the hands of hackers and is now publicly available.
Which apps are affected?
The list of affected apps is long and includes many well-known names. These include:
- Dating apps like Tinder and Grindr
- Game apps like Candy Crush, Temple Run and Subway Surfers
- fitness apps like MyFitnessPal
- Tracker apps like My Period Calendar & Tracker
- Social networks and email apps such as Tumblr, Yahoo Mail and Microsoft Office 365
- Religious apps, including Muslim prayer and Christian Bible apps
VPN apps, which are supposed to provide more privacy, are also affected. Overall, the glitch shows how widely the collected data is spread across different app categories.
How could this happen?
The core of the problem lies in the real-time bidding process. This allows advertisers to bid for ads in real time while gaining access to user data. Users' data is included in this auction, so to speak. Every advertiser who places a bid gets access to the bidstream data - even if they don't ultimately win the auction. Data brokers like Gravy Analytics buy this information and combine it with other data to create comprehensive profiles. In the current case, a hacker was able to extract this data from a Gravy Analytics database. The result is a comprehensive data leak that is now publicly available and provides detailed insights into the locations and movements of millions of people.
Is there a ray of hope for iPhone users?
Baptiste Robert, the CEO of Predicta Lab, explainedthat iPhone users may be better protected if they have denied apps tracking. According to Robert, Apple's "Allow apps to request tracking" function prevents apps from sharing location data. Users who have deactivated this function should therefore be less affected by the glitch. You can check this setting under "Settings" → "Privacy & Security" → "Tracking". Here you can also see which apps have been allowed to track so far and deactivate this individually if necessary. As long as the switch for "Allow apps to request tracking" is not activated, you are on the safe side, as none of the apps are allowed to track you.
What does this mean for you?
The Gravy Analytics data breach once again shows how important it is to be conscious about app permissions. Location data is particularly sensitive because it can provide intimate insights into your life. To protect yourself, you should take some precautions for the future:
- Regularly check your apps' permissions. Only allow access to your location when it is really necessary.
- For iPhone users: Disable the “Allow apps to request tracking” feature in Settings.
- Stay up to date with the latest developments in data protection and security.
Gravy Analytics: A lesson in data security
The Gravy Analytics data breach is another example of how carelessly our data is handled. What is particularly problematic is that many users do not even know what information is being collected about them. These events should encourage us all to be more careful with our digital traces. Data protection starts with you - by being more conscious of your apps and their permissions. (Photo by Marko Aliaksandr / Bigstockphoto)
