Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Some of them The world’s most popular software is being tracked by rogue members of the advertising industry to obtain data on the locations of the most affected, and the data comes from a location data company whose company has previously sold global data to the US police.
Thousands of programs, in closed files from data company Gravy Analytics, include everything from sports like Candy Crush and dating apps like Tinder to track pregnancy and religious prayer apps for Android and iOS. Because most of the data collected is done through advertising content, not code generated by the software developers, this data collection is done without users or software developers knowing.
“For the first time publicly, we appear to have evidence that one of the largest data brokers that sells to commercial and government clients appears to be getting its data from the bid stream of online advertising, rather than from the software itself. , Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and has followed the location data market closely, tells 404 Media after reviewing some of the information.
This information provides a rare insight into the world of real-time bidding (RTB). In the past, data processing companies paid software providers including bundles of code that collected user location data. Many companies have turned to it instead access to location information through advertising campaignswhere companies order to place ads within apps. But the result is that data brokers can eavesdrop on the activity and find the location of public phone calls.
“This is a big problem for privacy, because not only does this data breach have data removed from RTB, but there’s a company out there that’s acting like a global pirate, doing whatever they want with any data that comes in,” says Edwards.
Included in Gravy’s database are millions of mobile devices within the US, Russia, and Europe. Some of these files also specify the program next to each piece of data. 404 Media removed the program names and created a list of the programs mentioned.
This list includes social networking sites Tinder and Grindr; big games like Candy Crush, Temple Run, Subway Surfersand Harry Potter: Games & Speeches; the transportation app Moovit; My Period Calendar & Tracker, a period tracking app with over 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo email client; Microsoft’s 365 office app; and Flightradar24 tracker. The list also mentions many religious programs such as Islamic prayer and Christian Bible programs, various pregnancy trackers, and many VPN programs, which some users can download, surprisingly, to protect their privacy.
A complete list can be found Here. Several security researchers they have published other lists of programs in the data, of different types. Our brand is large because it includes both Android and iOS apps, and we decided to keep duplicates of the same app that differ slightly in name to make it easier for readers to search for installed apps.
Although the data set comes from Gravy, it is unclear whether Gravy collected the data for the site or obtained it from another company, or which company owns or has permission to use it.
