Giving away all manner of personal information is only a tap away on your phone settings, as the fitness tracking site’s blunder has shown.
It was a great PR move: in November fitness tracking company Strava launched an updated global heatmap that visualised all the location data that its users had been collectively broadcasting, revealing popular running spots around the world. It is a fascinating visual, but it accidentally pinpointed the location and layout of secret military bases where fitness-conscious soldiers had been running around with their fitness trackers or phones. Whoops.
In 2016 a security researcher in Japan discovered that it was perfectly possible to determine a person’s exact location through exploiting weaknesses in the gay dating app, Grindr. In 2010 Foursquare, the social service that encouraged its users to “check in” at popular locations, made the fairly consequential error of publicly broadcasting all of that data by accident. These incidents reveal what can happen when we feed our location data and private information into huge anonymised banks.
Our personal data is the trade-off for these exceptionally useful free services. Unfortunately there is no option to pay, say, Google Maps a fee instead, so we’re either stuck looking at static paper maps like a 1990s backpacker or telling an anonymous data bank where we are at all times of the day and night. It would be reasonable to expect that apps and services only transmit information on our data when we’re actively using them, but in fact it happens far more often. A 2015 study by Carnegie Mellon University found that apps such as Facebook were pinging location data back to their developers thousands of times a week.
The study also found that once people were made aware of the scale of data-sharing they became much more reluctant to use the services in question. When you tap “Allow this app to access location data?”, you don’t think you’re giving consent to being constantly monitored. But that is exactly what is happening. Often users are broadcasting their data and giving consent for companies to use it however they want, without even being aware of doing so.
As Strava has pointed out in the wake of this latest incident, there is an opt-out function that will prevent it from publicly broadcasting your location. This is how most apps work: rather than approving access to your data, you have to opt out once you’ve signed up. This option is always hidden behind a few menus.
In its latest statement, Strava claims that it is “committed to helping people better understand our settings to give them control over what they share” – a message often echoed by social media companies. Companies such as Google and Facebook are understandably cagey about how many people actually use these privacy features. When this data is the entire business model of these companies, what motivation do they really have to stop collecting it?
Here’s something for you to try. Are you one of the billion people who use Google Maps? Launch the app on your phone, tap the menu icon (three horizontal lines), then tap “Your Timeline”. Unless you have specifically turned off Google’s access to your location data – which few of us have – you will now see a map of your exact movements, every single day, stretching back for as long as you have been walking around with your phone. You can use the calendar view to see exactly where you have been on a given day. If this horrifies you, you are not alone.
Next time an app asks for access to your location data, think about saying no. It’s easy to be blase about giving services access to all manner of personal information when all it takes is a tap.
• Keza MacDonald is video games editor at the Guardian