Quote:

---

As first reported by 404media, hackers have compromised location aggregator Gravy Analytics, stealing "customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples' precise movements." This has dumped a trove of sensitive data into the public domain.

This data is harvested from apps rather than the phones themselves, as EFF explains, "each time you see a targeted ad, your personal information is exposed to thousands of advertisers and data brokers through a process called real-time bidding' (RTB). This process does more than deliver adsit fuels government surveillance, poses national security risks, and gives data brokers easy access to your online activity. RTB might be the most privacy-invasive surveillance system that you've never heard of."


This particular leak has spawned various lists of apps, allegedly "hijacked to spy on your location." As Wired reports, these include "dating sites Tinder and Grindr; massive games such as Candy Crush, Temple Run, Subway Surfers, and Harry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo's email client; Microsoft's 365 office app; and flight tracker Flightradar24.... religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy."

---