Repeatedly Hacked T-Mobile Ramps Up The Sale Of User App Download And Behavior Data
from the collect-ALL-the-things! dept
T-Mobile hasn’t been what you’d call competent when it comes to protecting its customers’ data. The company has been hacked numerous different times over the last few years, with hackers going so far as to ridicule the company’s lousy security practices.
A responsible company might slow down on data collection until it was certain it had figured out how to protect the data it collects. But this being the United States, where there’s no real accountability for companies with lax privacy and security standards (outside of four days or so of mean Tweets), T-Mobile has announced that it’s dramatically expanding its collection of user browsing and app download data.
The effort is part of T-Mobile’s new “App Insights” adtech product that was formally launched recently. App Insights will allow marketing companies to further track and target T-Mobile customers based on which apps they’ve downloaded and their “engagement patterns” with said apps — namely how often they use them, how long they remain open on the device, and other metrics.
As Gizmodo notes, there won’t be many restrictions, allowing microtargeting folks by sexual orientation:
T-Mobile also won’t stop marketers from taking things into their own hands. One ad agency exec that spoke with AdExchanger said that one of the “most exciting” things about this new ad product is the ability to microtarget members of the LGBTQ community. Sure, that’s not one of the prebuilt personas offered in the App Insights product, “but a marketer could target phones with Grindr installed, for example, or use those audiences for analytics,” the original interview notes.
The timing of this dramatic expansion in user app data monetization, at a time when abortion bans and potential vigilante action are forging a profound new seriousness in consumer app policy concerns, is a fairly telling representation of how worried a company like T-Mobile is about privacy-related oversight coming from a generally over-extended, under-funded, and under-staffed FTC (as in, not at all).
As with so many modern companies, T-Mobile over-collects data, then doesn’t take the necessary steps to protect said data. It then lobbies U.S. lawmakers to ensure we don’t shore up U.S. privacy protections (as it did when Congress gutted the FCC’s fairly modest broadband privacy rules), and the cycle repeats itself in perpetuity. Making money is, quite literally, the only policy consideration that matters.
Filed Under: adexchanger, ads, consumers, data, ftc, privacy, surveillance, telecom, tracking
Companies: t-mobile
Comments on “Repeatedly Hacked T-Mobile Ramps Up The Sale Of User App Download And Behavior Data”
T-Mobile privacy policy
We collect all your data, and sell it to those who will pay, and give it to those who expend a bit of effort to hack our systems.
legislation
I wonder if any territory has established a useful and largely successful (with some bugs to be ironed out) legislative framework that gives the individual rights around their data, and protects, for example, extremely personal information such as sexual orientation.
I know it’s not fashionable to cite the GDPR around here, but there are some successes therein. It is forcing companies to take the principals seriously, even if you don’t like the over-reach of the right-to-be-forgotten.
Re:
I agree. There are some good parts to the GDPR amongst the bad, so instead of it being scrapped entirely, the good parts should remain law and the bad parts not. Unfortunately, MEPs tend to be like Republicans in at least one way: both groups are fond of over-reach.
Opt out now!
T-Mobile app -> Account -> Profile Settings -> Privacy & Notifications -> Advertising & Analytics
Probably not 100% effective, but can’t hurt
Re:
But I don’t need to do that; I’m not with EE. 😉
New reason to hack T-Mobile
Corrupt the data…
how can any responsible person condone this shit? i assume the excuse being used is that it’ll mean more money for ‘that responsible person’ and the cronies who back him just to get a bigger share of the pot while saying ‘fuck you’ to the customers, yet again!!
Being responsible.. that's a good thing, right?
Karl, you write:
Sure. And TMO is responsible? Like AT&T? VZW?
They are all “we will betray you but don’t worry you can have a year of LifeLock later” responsible.
How to solve:
1. Daddy needs to come home sooner.
2. Spank the bad children.
3. Real penalties for having not done it right before, multiplied each and every time they do it wrong.
4. Removal of licensing to continue operating once they’ve done this.
Want to stand up for #4 here? It would take some effort, and some balls. It would, however, resolve this issue once and for all. I’ll put it again in simple words:
If you company, on a second time or more, has allowed customer private information to be released, your company MAY NOT offer any services to consumers until it has fixed its processes, documented those fixes, and have a regulator sign off that they are fixed.
E
Re: A small change, if you please.....
I’d suggest that everything be signed off not by a single person, probably a government goon that can be purchased for a nominal sum, but instead have a 5 or 7-person review board consisting of recognized security experts, and having no government-employed asshats. Think of something along the lines of UL (or CSA in Canada), and you’re pretty close to what I’m thinking of here.
Re:
How to solve:
1. Daddy needs to come home sooner.
2. Spank the bad children.
No matter how bad the problem is, child abuse is no solution to it.
Re: Re: Child abuse
Absolutely.
Thank you for that reminder.
Why would anyone pay for something that can be easily acquired for free because it’s very poorly secured beats me. In both cases the receiving end of the data trove is going to remain anonymous.
Re:
Not related but maybe somebody else had this problem and I don’t quite know where to ask this: I usually post without logging then I claim the comments when I eventually login. What happened to that page?
Re: Re:
Lost to Techdirt’s current coding issues, perhaps. Maybe it’ll come back soon.
Re: Re: Re: Quality is job 1
TD has spent pretty much two years on this, except with people (fans? customers?) reading around the entire world.
I do wish them well with this process. They do ALL work hard, and these “bugs” we readers see, they see also.
There are many of us who are fans here. Paul, That, etc. I read your posts and you read mine. We may not agree, but I think we still wish these people the best.
Best wishes to eventually having a “perfect’ site.
E
Re: Re: Re:
Careful. According to Tooms1275, Techdirt has no bugs or glitches despite the evidence provided by a double post with the exact same wording, posted in the exact same minute by the exact same individual proving otherwise.
Someone want to drop a note to CPAC & mention that T-Mo will be letting advertisers microtarget those with Grindr installed?
I have a feeling Congress might finally act.
Re:
Broaden it; say ‘dating apps’. How many in Congress, straight or otherwise, do you reckon are cheating on their partners?
Re: Re:
looks at the leader of the GQP who has a long history of adultery, cheating, banging hookers and they ignore it
Yeah no, finding out the golden boy is gay is the only thing the GQP can get upset about these days.
Given how many male escorts are booked during CPAC, I think it would just shock them… sort of like how they are busily trying to destroy Drag Queen Story Time while actively ignoring their own churches are covering up and enabling sexual predators.
How exactly would T-Mobile get the app data? Shouldn’t said data on the Play Store or App Store be encrypted in transit?
Re:
This is exactly why I sideload apps and deny them all unnecessary permissions. I find it’s better to quarantine an app with airplane mode until I’ve turned that permision off by not having my data turned on whilst installing it, making it much easier to also turn off the Activity Permission requested by SoundHound, for example, since that also needs Internet access.