Could your app data be used against you (specifically)?
Updated: Jul 30, 2021
A fear the world has had for a while now has finally started rearing its ugly head in a reality. People's individual data, that they allow apps to have, is being purchased and weaponised against them.
There have been a few large-scale and significant data breach scares in the last few years. People's hesitance to register their data has steadily grown in the last few years, you'll likely remember Australians reluctance to join the online health record.
This was based in concerns that had been stoked by scandals such as the Ashley Madison data breach, when the details of 32 million users were taken and eventually leaked online. Of course in this instance hackers chose a morally dubious platform, which meant that they were inherently ousting all users by publishing their information.
A recent case however has shown how one person's data can be specifically and maliciously sought out and abused.
A catholic Substack publication called The Pillar, purchased and used sensitive location data from Grindr to track the movements of a high-ranking priest, and publicly out him to the community without his consent. This is Gizmodo explaining how such a thing occurred, and could easily happen again:
“Commercially available app signal data does not identify the names of app users, but instead correlates a unique numerical identifier to each mobile device using particular apps,”...“Signal data, collected by apps after users consent to data collection, is aggregated and sold by data vendors. It can be analyzed to provide timestamped location data and usage information for each numbered device.”
When those trying to out the priest recognised work and home locations listed it became easy to tie him to the other locations that he wouldn't want shared publicly.
this isn't the first time it's happened however...
At the start of the year when rioters stormed the US Capitol, app data was also used to target criminals. Unsurprisingly the media (or the media that I read) was less concerned about this specific example, but it was still discussed as a scary precedent for cases like the more recent one.
Interestingly, prior to even the riots, in January of this year, the Norwegian government fined Grindr over $16million AUD equivalent for sharing personal data with advertisers, ominously noting at the time "an app for the gay community, that argues that the special protections for exactly that community actually do not apply to them, is rather remarkable". The fine was 10% of Grindrs global annual profit and serves as a warning for us marketers to better handle what is genuinely personal and sensitive information of our customers.