Les Blythe
Have you ever wondered how the apps on your phone collect your personal data and how organizations and companies are handling that data? Data privacy awareness is increasing among digital users these days. According to Cisco's consumer privacy survey in 2019, 48% of the privacy-active respondents indicated they had already switched companies or providers because of their data policies or data sharing practices.
In this article, we will:
Personal data protection is a hot topic that was once again thrust into the spotlight in a recent opinion piece in the New York Times following the storming of the Capitol in Washington DC. Protesters’ smartphone apps tracked their movements, and individuals could be identified when their smartphone data was leaked.
Certain services such as mapping apps, ride-sharing (Lyft, Uber, Lime, Bird), weather apps, and dating apps rely on knowing your location data to offer enhanced, personalized functionality. Pointr Deep Location®, for example, needs location data to serve up blue dots and other functionality when users are navigating a corporate campus, a hospital, a shopping mall, or any other complex building.
But simply gathering location data is not really the issue. That single nugget of data is not the whole story; it’s what’s done to enhance the information that becomes problematic.
In this article, we’ll investigate how easy it is to re-identify and enhance seemingly de-identified data and the part big data plays in the process. We’ll discuss who wants users’ personal data and for what purposes.
We’ll also explore Pointr’s best practices and how we ensure location data can never threaten our users’ privacy because we don’t collect device IDs or use vulnerable technologies such as WiFi. We’ll illustrate why we can confidently stand behind our promise of location privacy by design - the very principle our indoor location technology is founded on.
Modern app developers need to develop their offerings quickly and get them to market. This means it’s not practical, cost-effective, or even within their skill set to build apps from the ground up. App developers make use of free SDKs (Software Development Kits) supplied by third parties to speed up the process.
For example, if an app needs to log into Facebook as part of its build, the developer wants Facebook’s login SDK. Because an SDK is essentially only a set of tools to enhance an app’s functionality and does not have communication capabilities per se, the developer also needs Facebook’s API (Application Programming Interface) to enable communication. Similarly, Google Maps needs to communicate with your device to understand where you’re located in order to plan a route to your desired destination (and communicate it back to you).
The issue comes from the fact that the developer doesn’t know, or even care, about what information is sent back to Facebook in our example. Considering Facebook’s revenue from ads was in excess of $84 Bn in 2020 (source: Statista), their interest in collecting personal data for targeting and retargeting ads is obvious.
The key to understanding the part trackers hidden in mobile device apps play in helping to re-identify a supposedly anonymous device ID lies with big data. Data brokers and companies such as Facebook, Instagram (a Facebook company), Uber, etc. have access to huge amounts of personal data which they can slice and dice at will.
So, for example, device ID x will be at a certain point at a certain time and the information is collected courtesy of the previously discussed SDK and API. Now, these companies have many databases in their possession, so as long as another database containing, say, your name, contains the same device ID they can instantly cross-reference. Another database contains your device ID and your email, so they have that too. By aggregating data in this way, it’s possible they know virtually everything about you and therefore target you with advertising relevant to your current location, and your preferences based on previous browsing and other online activity.
Companies that produce SDKs will cover their tracks by saying they only collect an anonymous, unidentifiable device ID. But, as we have clearly seen, that’s just the start of piecing together a complete profile of exactly who is where and when.
Overall, social media platforms consume the largest amount of personal data. While that may come as no surprise, the percentage of the overall types of data they collect is interesting. In a study conducted by clario.co that analyzed the types of personal data collected such as email, name, age, race, and more (in excess of 35 data points), live location data was gathered by 7 of the 10 companies that collect our personal information the most. The top ten looked like this:
| # | Company | % of Personal Data Collected | Live Location Collected |
|---|---------|------------------------------|-------------------------|
| 1 | | 79.49% | Yes |
| 2 | | 69.23% | Yes |
| 3 | Tinder | 61.54% | Yes |
| 4 | Grindr | 58.97% | Yes |
| 5 | Uber | 56.41% | Yes |
| 6 | TikTok | 46.15% | No |
| 7 | Strava | 43.59% | Yes |
| 8 | Tesco | 35.9% | No |
| 9 | Spotify | 35.9% | No |
| 10 | Myfitnesspal | 35.9% | Yes |
At Pointr we take our users’ personal data security extremely seriously. Our users can be fully confident they are in complete control of their data at all times. Here are just a few personal security highlights of Pointr Deep Location®.
Pointr Deep Location® was built from the ground up and is radically different from how apps using free SDKs in conjunction with APIs function to collect and distribute device IDs. Pointr is built on enterprise-grade systems such as Microsoft Azure, which meets all modern security standards.
We do not collect device IDs at all. A user with the Pointr app installed is assigned a unique ID by our app which is totally unrelated to the ID of the device they’re using. It’s impossible, therefore, to cross-reference data to build a user profile, no matter how much big data you have at your fingertips. The process can’t even begin as there is no common reference point across data sets.
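The cross-referencing described earlier, and the effect of an app-assigned ID that is unrelated to the device ID, shown as an added example (not Pointr's code). All datasets, field names, and function names here are constructed for illustration.

```python
import uuid

# Constructed sample data held by three hypothetical parties.
# "device_id" stands in for an identifier shared across apps and databases.
location_pings = [
    {"device_id": "dev-A1", "lat": 51.5079, "lon": -0.0877, "ts": "2021-02-01T09:14:00Z"},
    {"device_id": "dev-B2", "lat": 51.5033, "lon": -0.1195, "ts": "2021-02-01T09:20:00Z"},
]
account_db = [{"device_id": "dev-A1", "name": "Alex Example"},
              {"device_id": "dev-B2", "name": "Sam Sample"}]
email_db = [{"device_id": "dev-A1", "email": "alex@example.com"}]


def build_profiles(pings, *other_datasets, key="device_id"):
    """Merge every dataset that shares `key` into one profile per key value."""
    profiles = {}
    for ping in pings:
        profile = profiles.setdefault(ping[key], {"pings": []})
        profile["pings"].append((ping["lat"], ping["lon"], ping["ts"]))
    for dataset in other_datasets:
        for row in dataset:
            if row[key] in profiles:  # the cross-reference step
                profiles[row[key]].update(
                    {k: v for k, v in row.items() if k != key})
    return profiles


def linkage_rate(pings, *other_datasets, key="device_id"):
    """Fraction of IDs in `pings` that gained an attribute from another dataset."""
    profiles = build_profiles(pings, *other_datasets, key=key)
    linked = sum(1 for p in profiles.values() if len(p) > 1)
    return linked / len(profiles) if profiles else 0.0


def assign_app_scoped_ids(pings, key="device_id"):
    """Re-key pings with a random ID that exists only inside one app.

    The mapping is simulation scaffolding that keeps one install's pings
    together; in the design the text describes, the device ID is never read.
    """
    mapping, out = {}, []
    for ping in pings:
        app_id = mapping.setdefault(ping[key], str(uuid.uuid4()))
        out.append({**ping, key: app_id})
    return out


if __name__ == "__main__":
    print("shared device ID:", linkage_rate(location_pings, account_db, email_db))
    scoped = assign_app_scoped_ids(location_pings)
    print("app-scoped ID:   ", linkage_rate(scoped, account_db, email_db))
```

With the shared identifier every ping joins to a name (and one to an email); with app-scoped IDs the same joins match no rows because the datasets have no key in common.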
Pointr does not store customer data on its own servers, and therefore data is anonymous by default. Venues where Pointr Deep Location® is deployed own the data.
We employ strong data security processes - data is secured, encrypted, and is never shared with external people or companies.
Pointr Deep Location® collects all personal information anonymously. Pointr’s SDKs do not collect any data through apps without a user’s permission. We equip people and businesses with transparent consent and preference management tools to help them stay in better control of their location data.
We use effective measures to protect data against unauthorized access, use, modification, or loss. All servers and systems are kept up to date with recent patches in line with Microsoft Azure standard policy, including virus scanning of files for all employees with access to our secure VPN.
Data is secured and encrypted in transmission to the database and when stored on the database, with no access possible from the internet (only through our secure VPN and with the right credentials).
All access to the system, both internally and externally, is logged to prevent malicious interactions and Pointr has reported on unexpected access, both based on password hacks and on unexpected endpoints.
We work closely with our clients to ensure all the latest data privacy policies and requirements are up to date. We work with major customers in healthcare, smart workplace, retail, and aviation across North America, Europe, and Asia including UCHealth, international corporations (CBRE), the U.S. Department of Homeland Security, U.S. airports (Washington Reagan and National), two major U.S. airlines and one of the major U.S. department store retailers across 1,000 locations with millions of mobile application users. Pointr’s information security has been approved by Cisco, Siemens, Extreme Networks, CBRE, ISS, DHS, and many others.
Pointr is a global leader in indoor location. Pointr's Deep Location® technology uses machine-learning techniques to create the best performing and the most scalable indoor location technology available today. Our technology is ISO 27001 and ISO 27017 certified and used by Cisco, Microsoft, Siemens, Extreme Networks, CBRE, ISS, DHS, and many others.
Deep Location® enables location-based services such as digital mapping, navigation, location tracking, geofencing, and powerful location-based analytics. We work with major customers in retail, smart workplace, aviation, and hospitality across North America, Europe, and Asia.
If you're interested in finding out more about Pointr Deep Location®, please contact our team.
Author: Les Blythe
A long-time technology writer, Les' expertise covers a wide range of technology topics. His work for the Pointr website is heavily influenced by his experience working with major Fortune 100 companies, which has enabled him to develop a strong appreciation of how Pointr's cutting edge technology intersects with the real-world needs of major businesses across the globe.