Within a year, Google plans to stop supporting so-called third-party cookies, a technology that advertisers have used for decades to track users, in its Chrome browser.

But this doesn’t mean such tracking will simply stop. It would be odd if the tech giant, whose revenue comes mostly from online advertising, voluntarily gave up the ability to collect user data. Instead, third-party cookies will be replaced by a new technology — Google Ad Topics. In fact, Google Ad Topics is already here: the company integrated it into the Chrome browser this summer and recently started to roll it out to the Android operating system.

In this post, we explore how Ad Topics works, where to disable it in the Chrome and Android settings, and what else you can do to avoid being tracked by online advertisers.

A little history: Google Privacy Sandbox and FLoC

Let’s first go back a bit to Google Privacy Sandbox. This is what Google calls the entire initiative to abandon third-party cookies and replace them with different technologies for targeted advertising. Google first started talking about this initiative back in August 2019. As you can see, it’s taken them four years to develop specific solutions for phasing out cookies.

The purpose of this initiative is, on the one hand, to get rid of technology that’s widely perceived as a violation of privacy. On the other hand, Google wants to find a way to continue showing personalized ads to users — maintaining the competitive advantage that made it an internet giant.

If you look at the Wikipedia article on Privacy Sandbox, you’ll find a long list of candidate technologies that Google planned to use to move away from third-party cookies. However, in 2021, a technology called Google FLoC emerged as the primary candidate. Let’s discuss it in more detail.

What is Google FLoC?

FLoC (Federated Learning of Cohorts) was a technology proposed by Google aimed at changing the approach to targeted online advertising — making it more private. Instead of using individual user behavior data to personalize ads, FLoC grouped users with similar interests — meaning similar browsing histories — into “cohorts”. These cohorts were then assigned a unique identifier, which advertisers can use to target their ads.

One of the key advantages in terms of user privacy was that FLoC didn’t send user activity information to Google servers, but processed the data locally — directly on the user’s device.

It’s worth noting that, despite the name, FLoC didn’t actually use federated learning. Its use was initially planned, but it turned out that local computing was good enough.

What is federated learning? It’s a variant of machine learning — an alternative to the centralized learning approach. In centralized learning, data from all devices is uploaded to a central server where the AI model is trained. In federated learning, data isn’t sent to a central server; instead, local models are trained on local data directly on the devices. These devices then exchange the training results, rather than the user data itself, with the server. Based on the results of this local training, a global AI model is built — thus, the local AI models and the global AI model mutually train each other. This is all done to eliminate the need for centralized storage of user data.

As is often the case with attempts to have one’s cake and eat it too, the technology was criticized from both sides. Despite Google’s claims that FLoC is 95% as effective as third-party cookies, advertisers weren’t satisfied with the technology’s performance.

Privacy advocates, in turn, were extremely unhappy that FLoC didn’t adequately address user privacy concerns — and also that millions of Chrome users were included in the testing of FLoC without their consent. However, the main privacy concern regarding Google FLoC was its highly precise methods for categorizing users — the possible number of cohorts exceeded 30,000 — which allowed too much scope for user tracking.

A significant portion of the internet industry quickly took up arms against Google FLoC, including all Chromium-based browser developers — which refused to include FLoC in their products, and Amazon — which disabled FLoC on all its websites. Consequently, just a few months after the testing of FLoC began, Google decided to freeze the project. Already by early 2022, they officially announced the abandonment of FLoC in favor of another technology — Topics API.

What is Google Ad Topics (Topics API)

Google Ad Topics (also known as Topics API) is a technology that Google is currently planning to use to replace third-party cookies for targeted advertising. Ad Topics functions somewhat similarly to FLoC: it also relies on browser history (in the case of Chrome) or app usage (in the case of Android), through which a locally operating algorithm tries to identify user interests.

However, there are significant differences: while FLoC grouped users with similar interests into cohorts with unique identifiers, Topics API only compiles a list of things that interest the user — that is, “topics”.

At the time of writing this article, there were 629 such topics, but this list is constantly being updated, so the number will continue to grow. In Google Ad Topics, each webpage on the internet is associated with a certain topic. The algorithm constantly updates the list of Google topics assigned to the user based on what they’ve visited recently. Here’s how it works:

  • Every week, the user is assigned five topics based on the sites they visited the most that week.
  • Three lists of five topics each are created for the last three weeks.
  • A site that wants to show ads to the user requests the topics assigned to that user from Topics API. The algorithm randomly selects one topic from each of the three lists and provides the site with these three topics for displaying targeted ads.
  • The topics assigned to the user are stored for only three weeks. Older topics are deleted, and a list of five new topics is generated every week.

Since there is an element of randomness in the selection of topics, it seems that identifying a specific user or even a narrow group of users from such information is not so easy. Nevertheless, even soft and gentle tracking is still tracking, and targeted advertising is not to everyone’s taste. The good news is that Google allows you to not only manually configure Ad Topics but also to disable them altogether. For the sake of your privacy, we recommend doing this.

How to disable Google Ad Topics in the Chrome Browser

To disable Google Ad Topics data collection in the Chrome settings, go to Settings → Privacy and security → Ad privacy. The main point of interest on this tab is the first option, Ad topics. Click on this option and turn off the switch in the window that opens.

How to disable Google Ad Topics in the Chrome browser

Where to disable Google Ad Topics in the Android settings

Alternatively, you can go directly to the Google Ad Topics settings by entering the following path in the Chrome address bar:


While you’re in this part of the browser settings, it doesn’t hurt to disable two other options on the Ad privacy tab: Site-suggested ads and Ad measurement. That’s it! You’ve successfully disabled Google Ad Topics in the Chrome browser.

Note! Chrome settings are specific to each user profile. So, if you use Chrome with multiple Google accounts on the same computer, you’ll need to disable Ad Topics for each account separately. Go through all your Chrome profiles and repeat the steps above.

How to disable Google Ad Topics in the Android operating system

Disabling Google Ad Topics in the Android operating system must be done directly in your smartphone’s settings. To do this, go to Settings → Google → Ads → Ads privacy → Ad topics and turn off the switch in the window that appears.

How to disable Google Ad Topics in the Android settings

Where to disable Google Ad Topics in the Android settings

Again, since you’re already adjusting the privacy settings, go back to Settings → Google → Ads → Ads privacy and also disable App-suggested ads and Ad measurement. Now, go one step back to Settings → Google → Ads and click on Delete advertising ID.

Please note that this guide is for the standard version of Android. Depending on the manufacturer, smartphone model, and firmware version, the names of settings and paths might vary slightly. If you can’t find them following these instructions, try using the search in the Android settings.

Note! If you disable Google Ad Topics on Android and then receive a notification about “new ad privacy features”, Google Ad Topics might be re-enabled automatically. If that happens, it’s best to go to your smartphone settings and make sure it’s turned off.

How to opt out of personalized ads in the Google Account settings

Still with adjusting your privacy and ad settings, there’s one more thing worth doing: disable personalized ads for your Google account.

To do this, go to the Google’s My Ad Center page. If you haven’t disabled personalized Google ads yet, this page will be covered with colorful category and brand tiles. You can hang around here for a long time, choosing what kind of advertising you want to see.

Google My Ad Centre, where you can manage ad personalization

Google My Ad Center, where you can manage ad personalization

But don’t let the pretty advertising distract you — rather than choosing anything here, it’s best to just turn it all off. What you’re looking for here is a shy little switch at the top right of the page labeled Personalized ads — switch it to Off.

How to disable personalized ads in Google My Ad Centre

How to disable personalized ads in Google My Ad Center

Note! This setting is also specific to each Google account. Therefore, if you use multiple accounts, you need to disable personalized ads separately for each of them.

All set? Congratulations! You’ve now used all the available settings that help you avoid unnecessary attention from both Google and advertisers.

More privacy

But why limit yourself to the anti-tracking options Google provides in the settings of its products and services? It’s a good idea to use additional methods of combating data collection. In particular, we recommend the Private Browsing feature available in all our paid subscriptions — Kaspersky Standard, Kaspersky Plus, and Kaspersky Premium.

#optout #Google #Topics #greater #privacy

For popular messengers such as Telegram, Signal and WhatsApp, there are quite a few alternative clients (not to be confused with clients as in (human) customers; whoever opted this confusing language needs a good talking to) out there. Such modified apps — known as mods — often provide users with features and capabilities that aren’t available in the official clients.

While WhatsApp disapproves of mods — periodically banning them from official app stores, not only has Telegram never waged war on alternative clients, it actively encourages their creation, so Telegram mods are popping up like mushrooms. But are they safe?

Alas, several recent studies show that messenger mods should be handled with great caution. Although most users still blindly trust any app that’s been verified and published on Google Play, we’ve repeatedly highlighted the dangers: when downloading an app on Google Play, you could also pick up a Trojan (that one had more than a 100 million downloads!), a backdoor, a malicious subscriber, and/or loads of other muck.

This just in: infected Telegram in Chinese and Uyghur on Google Play

We’ll start with a recent story. Our experts discovered several infected apps on Google Play under the guise of Uyghur, Simplified Chinese and Traditional Chinese versions of Telegram. The app descriptions are written in the respective languages and contain images very similar to those on the official Telegram page on Google Play.

To persuade users to download these mods instead of the official app, the developer claims that they work faster than other clients thanks to a distributed network of data centers around the world.

Spyware versions of Telegram on Google Play

Simplified Chinese, Traditional Chinese, and Uyghur versions of Telegram on Google Play with spyware inside

At first glance, these apps appear to be full-fledged Telegram clones with a localized interface. Everything looks and works almost the same as the real thing.

We took a peep inside the code and found the apps to be little more than slightly modified versions of the official one. That said, there is a small difference that escaped the attention of the Google Play moderators: the infected versions house an additional module. It constantly monitors what’s happening in the messenger and sends masses of data to the spyware creators’ command-and-control server: all contacts, sent and received messages with attached files, names of chats/channels, name and phone number of the account owner — basically the user’s entire correspondence. Even if a user changes their name or phone number, this information also gets sent to the attackers.

Previously: spyware versions of Telegram and Signal on Google Play

Interestingly, a short while ago researchers at ESET found another spyware version of Telegram — FlyGram. True, this one didn’t even try to pretend to be official. Instead, it positioned itself as an alternative Telegram client (that is, just a mod), and had found its way not only onto Google Play, but into the Samsung Galaxy Store as well.

What’s even more curious is that its creators didn’t limit themselves to imitating just Telegram. They also published an infected version of Signal in these same stores, calling it Signal Plus Messenger. And for added credibility, they even went so far as to create the websites flygram[.]org and signalplus[.]org for their fake apps.

Signal Plus Messenger: a spyware version of Signal on Google Play and in the Samsung Galaxy Store

There’s a spyware client on Google Play for Signal too, called Signal Plus Messenger. (Source)

Inside, these apps amounted to full-fledged Telegram/Signal messengers, whose open-source code was flavored with malicious additives.

Thus FlyGram learned to steal contacts, call history, a list of Google accounts and other information from the victim’s smartphone, as well as make “backup copies” of correspondence to be stored… where else but on the attackers’ server (although this “option” had to be activated in the modified messenger independently by the user).

In the case of Signal Plus, the approach was somewhat different. The malware scraped a certain amount of information from the victim’s smartphone directly, and allowed the attackers to log in to the victim’s Signal account from their own devices without being noticed, after which they could read all correspondence almost in real time.

FlyGram appeared on Google Play in July 2020 and stayed there until January 2021, while Signal Plus was published in app stores in July 2022 and removed from Google Play only in May 2023. In the Samsung Galaxy Store, according to BleepingComputer, both apps were still available at the end of August 2023. Even if they are now completely gone from these stores, how many unsuspecting users continue to use these “quick and easy” messenger mods that expose all their messages to prying eyes?

Infected WhatsApp and Telegram spoof cryptowallet addresses

And just a few months back, the same security researchers uncovered a slew of trojanized versions of WhatsApp and Telegram aimed primarily at cryptocurrency theft. They work by spoofing the cryptowallet addresses in the messages so as to intercept incoming transfers.

Infected WhatsApp spoofs the cryptowallet address in messages

An infected version of WhatsApp (left) spoofs the cryptowallet address in a message to the recipient, who has the official, uninfected version of WhatsApp (right). (Source)

In addition, some of the versions found use image recognition to search screenshots stored in the smartphone’s memory for seed phrases — a series of code words that can be used to gain full control over a cryptowallet and then empty it.

And some of the fake Telegram apps stole user profile information stored in the Telegram cloud: configuration files, phone numbers, contacts, messages, sent/received files, and so on. Basically, they pilfered all user data except for secret chats created on other devices. All these apps were distributed not on Google Play, but through a variety of fake sites and YouTube channels.

How to stay safe

Lastly, a few tips on how to protect yourself from infected versions of popular messengers, as well as other threats targeting Android users:

  • As we’ve seen, even Google Play isn’t immune to malware. That said, official stores are still far safer than other sources. So, always use them to download and install apps.
  • As this post has made clear, alternative clients for popular messengers should be treated with extreme caution. Open source lets anyone create mods — and fill them with all sorts of nasty surprises.
  • Before installing even the most official app from the most official store, look closely at its page and make sure that it’s real — pay attention not only to the name, but also the developer. Cybercriminals often try to fool users by making clones of apps with descriptions similar to the original.
  • It’s a good idea to read negative user reviews — if there’s a problem with an app, most likely someone will have already spotted and written about it.
  • And be sure to install reliable protection on all your Android devices, which will warn you if malware tries to sneak in.
  • If you use the free version of Kaspersky Security & VPN, remember to manually scan your device after installation and before running any app for the first time.
  • Threat scanning is done automatically in the full version of our security solution for Android, which is included into the Kaspersky Standard, Kaspersky Plus, and Kaspersky Premium subscription plans.

#Spyware #versions #Telegram #Signal #Google #Play

Short links are everywhere these days. All these bit.ly, ow.ly, t.co, t.me, tinyurl.com and the like have long since become a familiar part of the online landscape. So familiar, in fact, that most users click on them without thinking twice. But thinking is never a bad thing. With that in mind, we explain below how short links work and what privacy and security threats they can pose.

What happens when you click on a short link?

When you click on a short link, you almost go straight to the intended destination, which is the address specified by the user who created the link. Almost, but not quite: the actual route takes a quick detour via the URL shortener service.

The more efficient the service, the quicker this takes, and the smoother the transition to the end stop. Of course, the delay feels insignificant only to a person — we humans are rather slow. But for an electronic system, it’s more than long enough to get up to all kinds of activity, which we’ll discuss below.

Why short links? The main reason is one of space: making a long link shorter means it takes up less of the screen (think mobile devices) and doesn’t eat up the character limit (think social media posts). Alas, that’s not all there is to it. The creators of short links may be pursuing their own goals, not necessarily driven by concern for users. Let’s talk about them.

Short links and user tracking

Have you ever wondered why many internet links are so long and unsightly? It’s usually because links encode all kinds of parameters for tracking click-throughs, so-called UTM tags.

Usually, these tags are deployed to determine where the user clicked on the link, and thus to evaluate the effectiveness of ad campaigns, placement on blogger pages, and so on. This is not done in the name of user convenience, of course, but for digital marketing.

In most cases, this is a fairly harmless form of tracking that doesn’t necessarily collect data from link clickers: often marketers are just interested in the source of traffic. But since this additional “packaging” doesn’t look very aesthetic, and often makes the URL insanely long, shortener services are often brought into play.

What’s more unpleasant from a privacy point of view is that URL shorteners don’t limit themselves to redirecting users to the destination address. They also tend to harvest a host of statistics about the link clickers — so your data ends up in the hands not only of the creator of the short link through embedded UTM tags, but also of the owners of the URL shortener. Of course, this is the internet, and everyone collects some kind of statistics, but using a short link introduces another intermediary that holds data on you.

Disguised malicious links

Besides violating your privacy, short links can threaten the security of your devices and data. As we never tire of repeating: always carefully check links before clicking on them. But with short links, a problem arises: you never know for sure where it is you’ll be taken.

If cybercriminals use short links, the advice to check them becomes meaningless: you can only find out where a link points after clicking. And by then it may be too late — if the attackers exploit a zero-click vulnerability in the browser, the infection can occur as soon as you land on the malicious site.

Short links and dynamic redirects

Cybercriminals can also use link-shortening tools to change the target address as the need arises. Suppose that some attackers bought a database of millions of email addresses and used it to send out phishing messages with some kind of link. But here’s the problem (for the attackers): the phishing site they created was quickly discovered and blocked. Rehosting it at a different address is not an issue, but then they would have to resend all the phishing mailshots.

The solution (again, for the attackers) is to use a “shimming” service, which makes it possible to quickly change the URL users will visit. And the role of “shims” here can be played by URL shorteners, including ones originally created with dubious intentions in mind.

With this approach, a link to the shimming service is added to the phishing email, which redirects victims to the phishers’ site at their currently active address. Often, multiple redirects are used to further muddy the trail. And if the destination phishing site gets blocked, the cybercriminals simply host it at a new address, change the link in the shim, and the attack continues.

Man-in-the-middle attacks

Some link-shortening tools, such as Sniply, offer users more than just shorter links. They allow tracking the actions of link clickers on the actual destination site, which is effectively a man-in-the-middle attack: traffic passes through an intermediate service node that monitors all data exchanged between the user and the destination site. Thus, the URL shortener can intercept anything it wants: entered credentials, social network messages, and so on.

Personal spying

In most cases, short links intended for mass use are placed in social network posts or on web pages. But additional risks arise if one was sent to you personally — in a messenger or an email to your personal or work address. Using such links, an attacker who already has some information about you can redirect you to a phishing site where your personal data is pre-filled. For example, to a copy of a banking site with a valid username and a request to enter your password, or to the “payment gateway” of some service with your bank card number pre-filled, asking you to enter a security code.

What’s more, such links can be used for doxing and other types of tracking, especially if the URL shortener service offers advanced functionality. For instance, our recent post about protecting privacy in Twitch looked in detail at ways to de-anonymize streamers and how to counter them.

How to stay protected

What to do about it? We could advise never to click on short links, but, in the vast majority of cases, URL shorteners are used for legitimate purposes, and short links have become so common that total avoidance isn’t really an option. That said, we do recommend that you pay special attention to short links sent to you in direct messages and emails. You can inspect such links before clicking by copying and pasting them into a tool for checking short links, such as GetLinkInfo or UnshortenIt.

However, there is a simpler method: a high-quality security solution with an integrated approach that takes care of security and privacy at the same time. For example, our Kaspersky Premium has a Private Browsing component that blocks most known online trackers and thus prevents your online activities from being monitored.

Our products also offer protection against online fraud and phishing, so rest assured that Kaspersky Premium will warn you in good time before landing on a dangerous site — even if the link was shortened. And, of course, the antivirus will guard against any attempts to infect your devices — including ones exploiting as-yet-unknown vulnerabilities.

#Privacy #security #threats #short #links

We all know that our phones know a lot about us. And they most certainly know a lot about where we go, thanks to the several ways they can track our location. 

Location tracking on your phone offers plenty of benefits, such as with apps that can recommend a good restaurant nearby, serve up the weather report for your exact location, or connect you with singles for dating in your area. Yet the apps that use location tracking may do more with your location data than that. They may collect it, and in turn sell it to advertisers and potentially other third parties that have an interest in where you go and what you do.  

Likewise, cell phone providers have other means of collecting location information from your phone, which they may use for advertising and other purposes as well. 

If that sounds like more than you’re willing to share, know that you can do several things that can limit location tracking on your phone—and thus limit the information that can potentially end up in other people’s hands. 

How do Smartphones Track Your Movements? 

As we look at the ways you can limit location tracking on your phone, it helps to know the basics of how smartphones can track your movements. 

For starters, outside of shutting down your phone completely, your phone can be used to determine your location to varying degrees of accuracy depending on the method used:  

  • GPS: The Global Positioning System, or GPS as many of us know it, is a system of satellites operated by the U.S. government for navigation purposes. First designed for national defense, the system became available for public use in the 1980s. It’s highly accurate, to anywhere between nine to 30 feet depending on conditions and technology used, making it one of the strongest tools for determining a phone’s location. This is what powers location services on cell phones, and thus can help an app recommend a great burger joint nearby. 
  • Cell towers: Cell phone providers can track a phone’s location by the distance it is to various cell phone towers and by the strength of its signal. The location information this method provides is a bit coarser than GPS, providing results that can place a phone within 150 feet. It’s most accurate in urban areas with high densities of cell phone towers, although it does not always work well indoors as some buildings can weaken or block cell phone signals. One of the most significant public benefits of this method is that it automatically routes emergency services calls (like 911 in the U.S.) to the proper local authorities without any guesswork from the caller. 
  • Public Wi-Fi: Larger tech companies and internet providers will sometimes provide free public Wi-Fi hotspots that people can tap into at airports, restaurants, coffeehouses, and such. It’s a nice convenience but connecting to their Wi-Fi may share a phone’s MAC address, a unique identifier for connected devices, along with other identifiers on the smartphone. Taken together, this can allow the Wi-Fi hosting company to gather location and behavioral data while you use your phone on their Wi-Fi network. 
  • Bluetooth: Like with public Wi-Fi, companies can use strategically placed Bluetooth devices to gather location information as well. If Bluetooth is enabled on a phone, it will periodically seek out Bluetooth-enabled devices to connect to while the phone is awake. This way, a Bluetooth receiver can then capture that phone’s unique MAC address. This provides highly accurate location information to within just a few feet because of Bluetooth’s short broadcast range. In the past, we’ve seen retailers use this method to track customers in their physical stores to better understand their shopping habits. However, more modern phones often create dummy MAC addresses when they seek out Bluetooth connections, which helps thwart this practice. 

Now here’s what makes these tracking methods so powerful: in addition to the way they can determine your phone’s location, they’re also quite good at determining your identity too. With it, companies know who you are, where you are, and potentially some idea of what you’re doing there based on your phone’s activity. 

Throughout our blogs we refer to someone’s identity as a jigsaw puzzle. Some pieces are larger than others, like your Social Security number or tax ID number being among the biggest because they are so unique. Yet if someone gathers enough of those smaller pieces, they can put those pieces together and identify you. 

Things like your phone’s MAC address, ad IDs, IP address, device profile, and other identifiers are examples of those smaller pieces, all of which can get collected. In the hands of the collector, they can potentially create a picture of who you are and where you’ve been. 

What Happens to Your Location Information That Gets Collected? 

What happens to your data largely depends on what you’ve agreed to.  

In terms of apps, we’ve all seen the lengthy user agreements that we click on during the app installation process. Buried within them are terms put forth by the app developer that cover what data the app collects, how it’s used, and if it may be shared with or sold to third parties. Also, during the installation process, the app may ask for permissions to access certain things on your phone, like photos, your camera, and yes, location services so it can track you. When you click “I Agree,” you indeed agree to all those terms and permissions.  

Needless to say, some apps only use and collect the bare minimum of information as part of the agreement. On the other end of the spectrum, some apps will take all they can get and then sell the information they collect to third parties, such as data brokers that build exacting profiles of individuals, their histories, their interests, and their habits.  

In turn, those data brokers will sell that information to anyone, which can be used by advertisers along with identity thieves, scammers, and spammers. And as reported in recent years, various law enforcement agencies will purchase that information as well for surveillance purposes. 

Further, some apps are malicious from the start. Google Play does its part to keep its virtual shelves free of malware-laden apps with a thorough submission process as reported by Google and through its App Defense Alliance that shares intelligence across a network of partners, of which we’re a proud member. Android users also have the option of running Play Protect to check apps for safety before they’re downloaded. Apple has its own rigorous submission process for weeding out fraud and malicious apps in its store as well. 

Yet, bad actors find ways to sneak malware into app stores. Sometimes they upload an app that’s initially clean and then push the malware to users as part of an update. Other times, they’ll embed the malicious code so that it only triggers once it’s run in certain countries. They will also encrypt malicious code in the app that they submit, which can make it difficult for reviewers to sniff out. These apps will often steal data, and are designed to do so, including location information in some cases. 

As far as cell phone service providers go, they have legitimate reasons for tracking your phone in the ways mentioned above. One is for providing connectivity to emergency service calls (again, like 911 in the U.S.), yet others are for troubleshooting and to ensure that only legitimate customers are accessing their network. And, depending on the carrier, they may use it for advertising purposes in programs that you may willingly opt into or that you must intentionally opt out of. 

Ways to Limit Tracking on Your Smartphone 

We each have our own comfort level when it comes to our privacy. For some, personalized ads have a certain appeal. For others, not so much, not when it involves sharing information about themselves. Yet arguably, some issues of privacy aren’t up for discussion, like ending up with a malicious data-stealing app on your phone.  

In all, you can take several steps to limit tracking on your smartphone to various degrees—and boost your privacy to various degrees as a result: 

  1. Switch your phone into Airplane Mode. Disconnect. Without a Wi-Fi or data connection, you can’t get tracked. While this makes you unreachable, it also makes you untraceable, which you may want to consider if you’d rather keep your whereabouts and travels to yourself for periods of time. However, note that iPhones have a feature called “Find My Network” that helps track lost devices, even when they are powered off or disconnected. 
  2. Turn off location services altogether. As noted above, your smartphone can get tracked by other means, yet disabling location services in your phone settings shuts down a primary avenue of location data collection. Note that your maps apps won’t offer directions and your restaurant app won’t point you toward that tasty burger when location services are off, but you will be more private than with them on.  
  3. Provide permissions on an app-by-app basis. Another option is to go into your phone settings and enable location services for specific apps in specific cases. For example, you can set your map app to enable location services only while in use. Other apps, you can disable location services entirely. Yet another option is to have the app ask for permissions each time. Note that this is a great way to discover if apps have defaulted to using location services without your knowledge when you installed them. On an iPhone, you can find this in Settings à Privacy & Security à Location Services. On an Android, go to Settings à Locations à App Locations Permissions. 
  4. Delete old apps. And be choosy about new ones. Fewer apps mean fewer avenues of potential data collection. If you have old, unused apps, consider deleting them, along with the accounts and data associated with them. Also, steer clear of unofficial app stores. By sticking with Google Play and Apple’s App Store, you have a far better chance of downloading safe apps thanks to their review process. Check out the developer of the app while you’re at it. Have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews. 
  5. Turn off Bluetooth while not in use. You can keep passive location-sniffing techniques from logging your location by disabling your phone’s Bluetooth connectivity when you aren’t using it.  
  6. Use a VPN. A VPN can make your time online more private and more secure by obscuring things like your IP address and by preventing snoops from monitoring your activity.  
  7. On iPhones, look into using Private Relay. Apple’s Private Relay is similar to a VPN in that it changes your IP address so websites you visit can’t tell exactly where you are. It works on iOS and Macs as part of an iCloud+ subscription. Yet there is one important distinction: it only protects your privacy while surfing with the Safari browser. Note that as of this writing, Apple Private Relay is not available in all countries and regions. If you travel somewhere that Private Relay isn’t available, it will automatically turn off and will notify you when it’s unavailable and once more when it’s active again. You can learn more about it here and how you can enable it on your Apple devices. 
  8. Stash your phone in a Faraday bag. You can purchase one of these smartphone pouches online that, depending on the model, can block Bluetooth, cellular, GPS, RFID, and radio signals—effectively hiding your phone and that prevent others from tracking it.   
  9. Opt out of cell phone carrier ad programs. Different cell phone carriers have different user agreements, yet some may allow the carrier to share insights about you with third parties based on browsing and usage history. Opting out of these programs may not stop your cell phone carrier from collecting data about you, but it may prevent it from sharing insights about you with others. To see if you participate in one of these programs, log into your account portal or app. Look for settings around “relevant advertising,” “custom experience,” or even “advertising,” and then determine if these programs are of worth to you.  

More privacy on mobile 

There’s no way around it. Using a smartphone puts you on the map. And to some extent, what you’re doing there as well. Outside of shutting down your phone or popping into Airplane Mode (noting what we said about iPhones and their “Find My Network” functionality above), you have no way of preventing location tracking. You can most certainly limit it. 

For yet more ways you can lock down your privacy and your security on your phone, online protection software can help. Our McAfee+ plans protect you against identity theft, online scams, and other mobile threats—including credit card and bank fraud, emerging viruses, malicious texts and QR codes. For anyone who spends a good portion of their day on their phone, this kind of protection can make life far safer given all the things they do and keep on there. 

Introducing McAfee+

Identity theft protection and privacy for your digital life

#Limit #Location #Tracking #Phone