Thousands of apps are still tracking you even when you tell them not to
February 14, 2019
By Kim Komando
Online behavioral advertising, also known as “interest-based advertising,” is powered by user data, tons of it. It uses information gathered through your gadgets to help predict your preferences and show you ads that are more likely to be of interest to you.
All the major tech players make money off ads in one way or another, and they need this personalized information to power their ads. Even smaller companies and your phone carrier want your personal data so they can profit off it by selling it to third-party marketing agencies.
It’s a balancing act as they try to collect as much user data as they can without blatantly violating your privacy. In fact, mobile app stores have rules in place to prevent developers from overstepping their bounds.
But what if apps are deliberately working around these rules and are sending data that is permanently tied to your gadget? What if it’s a unique identifier that a quick reset can’t remove?
Your phone may be permanently tracked
A new research study from AppCensus revealed that thousands of Android apps may be transmitting permanent identifiers alongside a gadget’s Advertising ID and are explicitly violating the Google Play Store’s privacy policies.
Although resetting your Android gadget’s Advertising ID should prevent it from being tracked for targeted ads (scroll down for step-by-step instructions), the researchers discovered that thousands of apps are also sending “persistent identifiers” that can’t be reset.
These non-resettable identifiers are uniquely tied to your hardware — your gadget’s serial number, IMEI, MAC address, for example — and they are mostly permanent and unchangeable.
In many cases, another identifier that’s being sent alongside the Advertising ID is something called the Android ID. Although the Android ID is not uniquely tied to your hardware, it can only be cleared via factory reset of your device.
What does this mean? Well, it renders the privacy protection benefits of an advertising ID reset virtually useless since advertisers can still profile and track you with your gadget’s unique identifiers.
Violations of App Store policies
If you think about it, using these permanent identifiers to track you is a whole lot worse than using the advertising ID.
To stop this practice, both Apple and Google have policies in place that prohibit app developers from transmitting other identifiers with the Advertising ID.
For example, back in 2017, Apple threatened to remove the Uber app from its App Store for transmitting unique “fingerprinting” iPhone identifiers, which is against Apple’s app privacy guidelines. Uber has since complied, but it does highlight the way developers try to skirt the rules to track their users.
Google Play store’s policy, on the other hand, explicitly states that the Advertising ID cannot be transmitted with other identifiers without a user’s permission. Additionally, the Advertising ID is the only identifier that can be used for advertising purposes.
Thousands of apps may be involved
According to AppCensus’s findings, around 17,000 Android apps are transmitting the Advertising ID alongside other persistent identifiers and they are using them for advertising purposes, a clear violation of the Google Play store’s policies.
Here’s a list of the 20 most popular apps that are guilty of transmitting more than they ought to. Two of them have a billion downloads so far!
App Name | Installs | Data Types |
Clean Master – Antivirus, Cleaner & Booster | 1 billion | Ad ID + Android ID |
Subway Surfers | 1 billion | Android ID |
Flipboard: News For Our Time | 500 million | Ad ID + Android ID |
My Talking Tom | 500 million | Ad ID + Android ID |
Temple Run 2 | 500 million | Ad ID + Android ID |
3D Bowling | 500 million | Ad ID + Android ID + IMEI |
8 Ball Pool | 100 million | Ad ID + Android ID |
Agar.io | 100 million | Ad ID + Android ID |
Angry Birds Classic | 100 million | Android ID |
Audiobooks from Audible | 100 million | Ad ID + Android ID |
Azar | 100 million | Ad ID + Android ID |
B612 – Beauty & Filter Camera | 100 million | Ad ID + Android ID |
Banana Kong | 100 million | Ad ID + Android ID |
Battery Doctor – Battery Life Saver & Battery Cooler | 100 million | Ad ID + Android ID + IMEI |
BeautyPlus – Easy Photo Editor & Selfie Camera | 100 million | Ad ID + Android ID |
Bus Rush | 100 million | Ad ID + Android ID |
CamScanner – Phone PDF Creator | 100 million | Ad ID + Android ID + IMEI |
Cheetah Keyboard – Emoji & Stickers Keyboard | 100 million | Ad ID + Android ID |
Cooking Fever | 100 million | Ad ID + Android ID |
Cut The Rope Full FREE | 100 million | Ad ID + Android ID |
Based on the traffic, most of these apps are transmitting this data to ad networks, where it is being used to place ads in apps and track how users engage with the ads.
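One way an auditor could check an app for this pattern in traffic captured from their own test device, as an added example that is not from the article or AppCensus. The identifier values, hosts, parameter names and the assumption that identifiers may appear raw or as MD5/SHA-1/SHA-256 digests are all constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

# Identifiers of the auditor's own test device (constructed values).
DEVICE_IDS = {
    "ad_id": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "android_id": "9774d56d682e549c",
    "imei": "490154203237518",
}
RESETTABLE = {"ad_id"}  # per the article, the only ID a settings reset clears


def wire_forms(value):
    """Raw value plus MD5/SHA-1/SHA-256 hex digests (assumed encodings)."""
    raw = value.lower()
    digests = {hashlib.new(a, raw.encode()).hexdigest()
               for a in ("md5", "sha1", "sha256")}
    return digests | {raw}


def identifiers_in(request):
    """Names of the device identifiers found in one captured request."""
    haystack = (request["url"] + " " + request.get("body", "")).lower()
    return {name for name, value in DEVICE_IDS.items()
            if any(form in haystack for form in wire_forms(value))}


def audit(requests):
    """Map host -> persistent IDs it received in the same request as the Ad ID."""
    findings = {}
    for req in requests:
        found = identifiers_in(req)
        persistent = found - RESETTABLE
        if "ad_id" in found and persistent:
            host = urlsplit(req["url"]).hostname
            findings.setdefault(host, set()).update(persistent)
    return findings


IMEI_SHA1 = hashlib.sha1(DEVICE_IDS["imei"].encode()).hexdigest()
AD = DEVICE_IDS["ad_id"]
# Constructed capture: hosts, parameter names and bodies are invented.
SAMPLE = [
    {"url": f"https://ads.example.net/imp?gaid={AD}&aid=9774d56d682e549c"},
    {"url": "https://track.example.org/e",
     "body": f'{{"adid":"{AD}","dev":"{IMEI_SHA1}"}}'},
    {"url": f"https://cdn.example.com/cfg?gaid={AD}"},
    {"url": "https://fraud.example.io/check?android_id=9774d56d682e549c"},
]
```

Only the first two hosts are flagged: the third request carries the Advertising ID alone, and the fourth carries the Android ID without the Advertising ID.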
How do you reset your Advertising ID, anyway?
Refresher: Resetting your gadget’s Advertising ID is similar to clearing cookies on your web browser. But how do you reset it, anyway? Here’s how:
iPhone, iPad, or iPod Touch — Go to Settings >> Privacy >> Advertising >> Toggle “Limit Ad Tracking” to On. You can also reset your Advertising Identifier in this section to unlink any previous data associated with your ID.
Android phones – Generally, on an Android gadget, you can go to Settings >> Google >> Ads >> Toggle “Opt out of Ads Personalization” to On. Similar to iOS gadgets, you can also reset your gadget’s advertising ID on this page.
What is Google’s response?
In an official statement, Google said it is taking these reports seriously and will take action if the apps listed in the research do not comply with its policies.
The company said that although its policies allow the collection of hardware identifiers and Android IDs for fraud detection, they can’t be used for the purpose of targeted advertising.
However, here’s another loophole that developers can exploit. Although Google can enforce its policies when Android apps are sending the identifiers to its own networks, the company said that it can’t monitor apps that are sending data to third-party ad networks.
If that’s the case, why even reset your phone’s advertising ID if developers can still find workarounds to track you? Hopefully, Google will do a better job of monitoring these privacy-offending apps sooner rather than later.
https://www.komando.com/tips/software-and-apps/thousands-of-apps-are-still-tracking-you-even-when-you-tell-them-not-to/