What you need to know:
All apps comes packaged with what are known as Software Development Kits (SDKs). Think of apps as a set of building blocks, where app developers build the blocks that are unique to the functionality of the app, but for many components like advertising and analytics, they stack on blocks created by third parties. This allows app develops to accelerate development and eliminate redundant efforts.
These SDKs can collect data on you and send that data directly back to its creator. They also can also often connect your data between apps. Furthermore, apps can also collect and transmit data even when you’re not using the app, depending on your phone settings.
Some of this data isn’t invasive and goes to third parties to analyze how you use the app, monitor app performance or identify fraud. In many cases however, data is collected solely for advertising purposes and can include anything from profile information like age/gender, to device details, to precise location. When using any app, there might be dozens of other organizations potentially collecting sensitive data on you.
Generally, developers will say this data is “anonymous”, however in the hands of tech companies, social media networks and data brokers, it can be de-anonymized by matching up these data sets with other data points. There were also many instances of personally identifiable data being shared against privacy policies.
Many of the SDKs in popular apps are developed directly by large tech and advertising companies that already have a wealth of data on you. Others are developed by companies you’ve never heard of that are essentially data brokers or will sell the information to data brokers.
These app trackers are in many cases an easy way for app developers to make money, especially for those that provide their apps for free. However, this type of tracking will lead large tech companies to collect even more information on you, even when you’re not on their platform.
Washington Post investigation into app trackers
How SDKs are utilized in app tracking
Reply All podcast episode that describes how data collected from a gaming app ended up in the hands of robocallers
What to do:
For iPhone users you can turn on “Limit Ad Tracking” in the privacy settings which will remove your unique identifier for your device, which will make it a bit harder for companies to track you across apps. You can also turn off “Background App Refresh” in your general settings to prohibit apps from sending data when not in use.
For Android devices you can similarly toggle “Opt out of ads personalization” in your settings. You can also turn off different types of data saved to your Google account by visiting here.
Where possible you should use web pages on your phone via browsers instead of apps. Many browsers have built in tools to limit tracking, while apps do not.