This Week in Security: Enemy of The Privacy State

How One Company Is Tracking 10 Million Smartphones

A recent study by two college students focusing on how individuals spent less time with opposing political party family members during Thanksgiving, has exposed the deep tracking capabilities of a small company named SafeGraph.

In what is hauntingly familiar to the Carrier IQ scandal, this relatively under-the-radar company has been collecting data on 10,000,000 smartphones and is able to identify 17,000,000,000,000 (that is 17 trillion) unique location points that people spend time at.

To fuel this massive data collection scheme, SafeGraph appears to use several sources to collect data. The primary source appears to be application developers themselves, where they incentivize developers creating location aware apps – like that innocent looking weather app or any app that requires you to turn on GPS to use it. By luring these developers into using their API, they are given free GPS location lookup and data points to enrich their own data while in turn their data and requests go to SafeGraph.

Alternatively, SafeGraph has also implemented their tracking data in third parties as well, basically allowing any application that may do lookups or use location data to send back to them even if not directly. In addition to “a device’s precise geographic location,” SafeGraph states they will also collect “other mobile identifiers such as Apple’s Identifier for Advertisers (IDFA), Google Android IDs, and other information about users and their devices,” according to their privacy policy.

With $16M in investment this year, it seems that SafeGraph is a force that will continue to thrive in an environment where users are being more open about sharing the data location in order to get location data, special features and unlockable items in apps.

Furthermore, the creepiness factor is cranked up to 11 by a (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Research and Intelligence Team. Read the original post at: https://threatmatrix.cylance.com/en_us/home/this-week-in-security-11-17-2017.html