Yes, your phone is tracking you via advertising ID, and companies are using it to sell your location and identity to anyone. Protect yourself by disabling this feature on your device.
I'm re-posting this because it is so CRITICAL. In fact, even the NSA just released a warning recommending that you reset your advertising ID on a weekly basis.
I have posted this critical privacy and security tip twice in the last year because it is so important. I am re-posting it this week because recent news serves as a harsh reminder of the risk of advertising ID to your personal privacy.
This past week, even the NSA warned staff that smartphone apps can track them. Here are their recommendations to avoid tracking (article by Business Insider).
The NSA published its guide “Limiting Location Data Exposure” here. Among other things, it recommends resetting your advertising ID weekly. Many of its suggestions are geared toward a government or military audience, so some are not realistic for the average user.
This is all in response to the Gravy Analytics breach that exposed location data on millions of people. Data like this can easily lead to unique identification. Companies like Gravy Analytics garner location information by tracking advertising IDs and buying data from third-party apps to which you’ve given location permissions.
So, if you haven’t done it yet, do it now: disable the advertising ID on your phone.
This post is simple. Disable the advertising ID on your phone. Disable it for everyone in your household. That’s it. That’s all you need to do. It takes less than 1 minute. If you don’t know how, you can read more about it below or Google “turn off ad tracking ID.” Just do it.
Here’s why: the ad tracking ID on your phone uniquely identifies who you are and where you are. This information is available to anyone who is willing to pay for it. If your ad tracking ID is enabled, anyone can find out where you live, work, and go.
I published a post about this topic (see below) in February 2024.
If you read that post and followed that advice, you are eight months ahead of the game when it comes to protecting yourself! Great job!
I’m posting about this again because of a news cycle that hit last week, prompted by several news organizations reporting on a lawsuit against a surveillance data company called Babel Street. Here’s one of the articles: “The Global Surveillance Free-for-All in Mobile Ad Data” by KrebsOnSecurity, which details how this company uses ad data to track individuals’ location using their devices.
Unfortunately, this article and this practice are not surprising to me. This is why I published a post on disabling your advertising ID eight months ago. It is definitely a good reminder of why subscribing to Tate’s Online Safety is valuable!
Here are some choice quotes:
One unique feature of Babel Street is the ability to toggle a “night” mode, which makes it relatively easy to determine within a few meters where a target typically lays their head each night (because their phone is usually not far away).
The Mobile Advertising ID or MAID — the unique alphanumeric identifier assigned to each mobile device — was originally envisioned as a way to distinguish individual mobile customers without relying on personally identifiable information such as phone numbers or email addresses.
However, there is now a robust industry of marketing and advertising companies that specialize in assembling enormous lists of MAIDs that are “enriched” with historical and personal information about the individual behind each MAID.
What can you do to protect yourself?
There are two easy things you can do to minimize the risk that third-party location and ad data will be used to uniquely identify who you are, where you are, and what you do.
1. Disable the advertising identifier (ad ID) on your devices
This will prevent your data from being uniquely tied to you.
The advertising ID on your phone enables these data companies to aggregate data from different sources, which can make it trivial to identify someone uniquely. If I can tie multiple data sources to a common unique ID, it’s much easier to deanonymize data.
For example, suppose I know from a map app and a weather app that a phone with ad ID 1234 spends most nights in location X and most days in location Y. That narrows the phone down to a person who lives in X and works in Y. Using other sources like property records and LinkedIn, I can probably uniquely identify who that person is. If I also know that ad ID 1234 uses Grindr, I can determine who that individual is and that they are using a specific app.
Turning off the ad ID on your device will make it harder for companies to do this to you because you won’t have a unique ad ID for your phone anymore. This way, even if your data gets put into a database, it’s not tied to one unique identifier.
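An added illustration of the linkage described above, not code from the original post: constructed records from two apps are joined on the ad ID, first with ID 1234 enabled and then with the all-zero value that apps receive once the ID is deleted or tracking is denied. The app names, record layout and hour windows are assumptions made for the example.

```python
from collections import Counter, defaultdict

# All-zero value that iOS and Android hand to apps once the user has
# deleted the advertising ID or denied tracking.
ZERO_ID = "00000000-0000-0000-0000-000000000000"

def link_by_ad_id(records):
    """Group (app, ad_id, hour, place) records from any source by ad ID."""
    linked = defaultdict(list)
    for app, ad_id, hour, place in records:
        if ad_id == ZERO_ID:
            continue  # no stable key: the record cannot be tied to one device
        linked[ad_id].append((app, hour, place))
    return linked

def summarize(linked):
    """Per ad ID: which apps reported it, and its usual night/day place."""
    out = {}
    for ad_id, rows in linked.items():
        # Hour windows are assumptions: 22:00-06:00 is night, 09:00-17:00 is day.
        night = Counter(p for _, h, p in rows if h >= 22 or h < 6)
        day = Counter(p for _, h, p in rows if 9 <= h < 17)
        out[ad_id] = {
            "apps": sorted({a for a, _, _ in rows}),
            "night": night.most_common(1)[0][0] if night else None,
            "day": day.most_common(1)[0][0] if day else None,
        }
    return out

def with_ad_id(records, new_id):
    """Same observations, as reported by a phone whose ad ID is new_id."""
    return [(app, new_id, hour, place) for app, _, hour, place in records]

# Constructed sample: two unrelated apps reporting the post's ad ID "1234"
# at the abstract locations X and Y used in the text.
SAMPLE = [
    ("map_app", "1234", 23, "X"), ("weather_app", "1234", 2, "X"),
    ("map_app", "1234", 10, "Y"), ("weather_app", "1234", 14, "Y"),
    ("weather_app", "1234", 4, "X"),
]

if __name__ == "__main__":
    print("ad ID enabled:", summarize(link_by_ad_id(SAMPLE)))
    print("ad ID deleted:", summarize(link_by_ad_id(with_ad_id(SAMPLE, ZERO_ID))))
```

With the ID enabled, both apps' records collapse into one profile for 1234; with the zeroed ID, the same five records are still collected but produce no per-device profile.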
For Android: Go to “Settings” → “Security & Privacy” → “Privacy” → “Ads” → “Delete advertising ID”. Delete it!
For iOS Step 1: Go to “Settings” → “Privacy & Security” → “Apple Advertising” → Turn off “Personalized Ads”
For iOS Step 2: Go to “Settings” → “Privacy & Security” → “Tracking” → Do not “Allow Apps to Request to Track”
Bonus tip: Only “enable location” for a small number of trusted apps
To prevent your data from being shared, when downloading an app on your phone, don’t unquestioningly enable location services. Instead, only provide location access to the bare minimum of trusted apps and never offer it for apps that don’t need it. Also, it’s always better to “enable only when using” over “always”.
You can learn more about preferred location settings and how to check which apps have location privileges in my post here:
Stay Safe!
Tate