How Websites And Apps Are Gathering User Data, As Explained By Apple

The internet allows any connected device to communicate with one another. With billions of connected devices, that many devices are simultaneously interwoven in a network of networks.

With ever-increasing reliable internet connection, devices can connect to these networks 24/7.

The good thing is that, the world's information is just a couple of clicks (taps) away. Communication has shrunk to the palm of a hand, and no distance is too far. The bad thing is that, many providers of those services can perform tasks without users knowledge or consent.

This can have a scary implication, especially in terms of privacy.

Apple is a lifestyle brand, the company sells a bunch of expensive 'i' products, and more.

Because the company does not rely on showing targeted ads and tracking users for its main revenue sources, Apple is confident when speaking about privacy.

And in a "A Day in the Life of Your Data", Apple details how third-party companies can track user data across websites and apps.

Private eyes

Back in 2010, Apple co-founder Steve Jobs was quoted saying:

"I believe people are smart and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you’re going to do with their data.”

Apple said that on average, mobile apps can have six trackers from third-party companies.

By design, these trackers' sole purpose, is to allow advertisers, data brokers, social media companies, and other entities collect and track people and their personal information.

In a case study Apple made, the company gave an example of how these trackers allow the online advertising industry that is worth hundreds of billions of dollars to learn about a father and daughter who spent a pleasant day at the park.

The story follows a father John and a daughter Emma who wish to spend their time at the park. John uses his computer, smartphone and tablet, walks with his daughter to buy something with a credit card en route to their destination.

In the modern days of mobile computing, internet and social media networks, things like that may look innocent, but can hide so many sinister things behind its back.

That, thanks to trackers that are embedded inside the SDKs and APIs that developers used to build their apps.

When father John and Emma wanted to spend the day together at the park, the father uses his computer to look for weather forecast, read the news, access the map app for traffic to commute and so forth.

Behind the sites and apps the father uses, they use trackers to periodically collect and track their users' location data in the background. And after the data has been extracted from the device, app developers will sell it to third-party data brokers that John may have never heard of.

Apple continued the story, by saying that when the daughter was allowed to play with her father's tablet, she sees an ad for a scooter. This ad is shown because advertisers wanted to bid for the ad space for the tablet, because they wanted to target people like John.

"This ad will follow John and Emma across different apps for days, also showing up on multiple apps and websites on his computer and phone," wrote Apple.

Apple continued to explain how scary these trackers can be.

When John and Emma visited an ice cream shop, John that pays with his credit card will have the store and how much he paid for the ice cream sent to data brokers.

And when the trackers see that the two were visiting a toy store, they will suggest that John has a daughter.

Soon, John's phone will be bombarded with ads about sugary treats and from the toy store John and Emma have visited.

And when finally arriving at the park, the father and daughter took a selfie, to then fiddle with a photo filter app, before posting it on social media.

This photo filter app needed access to John's phone to store and retrieve files from the gallery. Giving it permission meaning that the app can see John's entire gallery and see their attached metadata, rather than only the playground selfie they just took.

When posting the edited photo to social media, the app can link John’s current online activity to a trove of data collected by other apps, and can also include other data the trackers have previously gathered, such as his demographic information and purchasing habits.

Add those to John's email address and phone number, data broker can create a very capable advertising identifier.

And as when John and Emma got home and search for a kid movie using an app installed on their smart TV, the cycle of tracking relentlessly continues.

Father and daughter
Credit: Apple
"At the end of the day, a number of companies John has never interacted with, all around the world, have updated their profiles with information about him and his daughter. These companies know the family’s house location, the park they visited, the news websites they read, the products they browsed, the ads they watched, their purchasing habits, and the stores they visited."

In this father and daughter story, Apple explained that what John and Emma did were seemingly innocent series of actions.

But behind John and Emma's back, there are hundreds of data brokers that work 24/7 to collect user data. One data broker can process 700 million users, creating thousands of user profiles. As a result of this, the data that is sold can power billions of eerily accurate targeted ads.

While developers can say that their apps gather users' location data which are then anonymized, data brokers can cleverly stitch users' location history from the apps they used, and with other apps they used on other devices. Data brokers can create a comprehensive profile about users, by understanding their activities and movements.

In other words, information can be tracked across different apps and from multiple sources.

In Apple's case study, this data is then sold to companies or organizations who wish to target people like John.

"Privacy means peace of mind, it means security, and it means you are in the driver's seat when it comes to your own data," said Apple software engineering chief Craig Federighi, in a statement shared today.