Connect with us

Data Breach

Ads in your favorite apps are giving hackers your location data

Ads on Tinder, Candy Crush, VPN services, and more are exposing your location data to hackers.

Image: Secure List

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

Sharing location data with smartphone apps involves a degree of trust. Users often grant permissions to apps they use frequently, assuming their data will be handled responsibly.

However, a recent report of a massive hack targeting Gravy Analytics, a data broker, has exposed alarming practices that jeopardize the privacy of millions of users.

The report revealed troubling practices by third-party entities that exploit popular apps to track user’s location data.

Hackers are using ads on your favorite apps to track you 

ios privacy settings menu showing individual app options
Image: KnowTechie

Most apps today rely on advertisements to generate revenue, often sharing user data with advertisers during real-time bidding (RTB).

In this process, ad firms compete to display targeted ads to app users, with location data being a key component. 

Historically, data brokers needed to embed code within apps to access such information.

Now, RTB enables them to bypass this method, as apps share user data—such as location—directly with advertisers.

Gravy Analytics has been found collecting vast amounts of geolocation data, obtained mainly through IP addresses rather than GPS.

The data includes smartphone coordinates and is reportedly sold to government and commercial entities. 

It raises serious concerns about potential illegal surveillance and misuse of user data.

Investigative journalist Joseph Cox on Wired and 404Media and security researcher Krzysztof Franaszek revealed the scale of the breach, which affects over 12,000 apps across Android and iOS. 

Popular titles implicated include dating apps like Tinder and Grindr, period tracking apps, VPN services, flight tracker Flightradar24, and games such as Temple Run and Candy Crush.

Many app developers, including Tinder and Grindr’s parent company Match Group, denied any relationship with Gravy Analytics.

The breach demonstrates how data brokers exploit systemic vulnerabilities without developers’ awareness. Hackers shared hacked data on cybercrime forums, with details and screenshots highlighting its operations.

The fallout from this breach is significant, as it exposes widespread industry practices that compromise user privacy. 

Got any thoughts on this ad privacy practice? Do you want to implement an ad-blocker on your network after learning about this? Tell us what you think below in the comments, or ping us via our Twitter or Facebook.

Follow us on Flipboard, Google News, or Apple News

Ronil is a Computer Engineer by education and a consumer technology writer by choice. Over the course of his professional career, his work has appeared in reputable publications like MakeUseOf, TechJunkie, GreenBot, and many more. When not working, you’ll find him at the gym breaking a new PR.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Data Breach