How Facebook tracks you on Android (even if you don’t have a Facebook account)
Suppose you’ve picked up an Android phone on the street and you saw the 4 apps above. Can you guess the profile of the phone user?
Your guess is likely to be that the user is a ‘she’, her religion is Muslim, perhaps looking for a job recently, and she’s either a mother or someone who is into virtual cats.
Yes, in essence, that’s how Facebook profiles you if you own these apps in your Android phone. Now, let’s talk about the ‘how’.
I wrote this article to inform the general public on how these tech companies collect our data and how we can protect our digital privacy. My job is to “de-jargonise” the research, not to be 100% technically accurate (although I will do my best to be).
Just a heads up, I am not an expert in the data privacy domain; I just consider myself more of an intermediate developer. So if you have detected any technical inaccuracies, please point it out and I will send you a 💌.
According to Privacy International, research done by the University of Oxford has suggested that approximately 42.55% of the free apps in the Google Play Store could share data with Facebook.
Out of the 42.55%, this study picked 34 apps, based on the fact that they have either a huge number of installations, or they involve sensitive information such as religion and health, or they are simply utility apps (You know, torchlight, QR code scanner, fart sound etc).
Out of the 34 apps, over 61% of them automatically transfer data to Facebook the moment a user opens the app.
“…the moment a user opens the app”. That means, there is no chance for the app to ask permission from the user to grant/deny the sharing of personal data.
Take Kayak for example. If you are unsure what’s Kayak, it’s a travel metasearch engine. It allows you to search for flights, hotels, and cars if you are going on holiday.
Action 1: You tap on the application icon.What happens: The application is initialised and the following data is sent to Facebook immediately.
The highlighted word “anon_id” stands for anonymous id. Basically, you are identified as XZdfd5f00f-9271–4e82-a8ce-6cea1d38b6d3. Facebook does not know your actual name, but that doesn’t matter. There’s a term for that; it’s called shadow profiling.
It’s comical to know that Kayak confidently declares this message “Don’t worry, we’ll never share anything without your permission” at its login screen even though it shares data the moment you open the app. In Kayak’s defence, the SDK is built by Facebook, so Kayak should not shoulder the entire blame here. To be fair, Kayak no longer shares data instantaneously with Facebook as of this writing.
Action 2: You search for a flight with 1 economy passenger from London (Gatwick) to Tokyo on the 2nd December, returning on the 5thWhat happens: The search is initialised and the app sends the following to Facebook.
In a span of a minute or two, Facebook took notice of this random person who wants to travel from London to Tokyo in December and he’s travelling alone. This data is harvested from a single person with a single device at a single search.
Imagine you close the Kayak app and switch to (say) “Amazon”. Facebook knows that you have these 2 apps and it will probably start to put you into categories like “preparing for holiday” or “affinity for winter clothes”.
The bottom line is that Facebook harvests billions of data points every single day, even from users who made a conscious effort to stay away from Facebook. That’s how creepy it is.
Stay in a cave.
The best defence is, of course, getting yourself off the internet. That means, no Facebook, no Google search, no YouTube, don’t hang out with friends who love to take selfies and buy airline tickets at the booth. But we all know that that’s kind of impractical in this day and age. But there are certain ways to limit the reach of these tech companies into your personal life.
Here are 5 suggestions:
Android Phone: Go to settings > Google > Ads > Reset advertising identifier
iPhone: Go to settings > Privacy > Advertising > Reset advertising identifier
Android: Go to Settings > Google > Ads > Opt Out of Personalized Advertising
iPhone: Go to settings > Privacy > Advertising > turn on ‘Limit Ad Tracking’
3. Review permissions (Very annoying)
Do you notice that apps these days have been asking for permissions before you carry out a simple task like importing a photo or opening a map? Yeah, it’s irritating but it’s crucial. This allows you to have greater control of your privacy. Not perfect, but at least it helps to a certain extent.
Brave (as opposed to Google Chrome) is a web browser which focuses a lot more on data privacy.
DuckDuckGo (as opposed to Google Search) is a search engine which distinguishes itself from other search engines by not profiling its users.
Education is the most powerful weapon. There are tons of articles and YouTube videos explaining how computers and network works; go read them up.
However, if the content is too complex, especially for the older generations and the newcomers (aka your children), you can check out Potato Pirates -Enter The Spudnet. It’s a board game that’s developed to teach cybersecurity and computer networking without computers.
After the Facebook-Cambridge Analytica data scandal, people are starting to take notice of the importance of digital privacy and the government has been implementing measures after measures to curb the big companies from being overly intrusive in terms of data collection. One prominent move is the implementation of the General Data Protection Regulation (commonly known as GDPR) in the EU. It basically sets a compliance framework that companies need to comply with. While it’s heartening to know that the government has made progress to protect us, we need to do our part as well.
I hope this article is useful to you. Do drop me a response if you would like to discuss this topic further.
We just sent you an email. Please click the link in the email to confirm your subscription!