Is My App Private?

A  bar chart showing the average number of SDKS in school utility apps by phone type and by public vs. private schools
Is My App Private- average # of SDKs . Source: Me2ba.org. Read their summary for how apps are categorized into 3 types.


Dear Ms. Smartphone: At my high school the principal enters her best students in an online sweepstakes. We get freebies and discounts when our name is drawn. That seems great but now I get ads on my phone from the places I visit plus emails to enlist in the military, to join climate action groups, and to even get credit cards! I am beginning to wonder whether that app is private. Meanwhile, seniors, like me, are required to use special apps if we tutor after-school. We also use the school’s choice of apps for transportation and the year-book. I have a cyber-aware friend who studies this and she says we are being sold out. Justin, Burlingame

Dear Justin: Hopefully you are only receiving a digital heap of senior year marketing. Conventionally, juniors and seniors get mountains of unsolicited mail, as the College Board and other testing services resell student names and addresses. But, why have those solicitations moved to the phone?

Gizmodo reported this week that many school utility apps were sharing some amount of data with third-party marketing companies. A non-profit called Me2ba randomly tested 73 apps from 38 schools and found that they majority of the apps added code (SDKs) that could access phone data. The code, for example, might try to record a student’s location, their contact list, photos and even Google or Iphone ad identifiers. So, the answer to ‘Is My App Private’ is a resounding ‘No.’

FREE DATA BUT NO LUNCH

There’s an expression that there’s no such thing as a free lunch, and that holds double when it comes to digital matters. We all know, or should know, that we pay for “free” email and “free” searches with our attention and search history. Perhaps the school administrators just didn’t know or care.

Before the Internet it was simpler: schools issued directories with students’ names, home address, and contact number. School administrators then asked parents to keep the directories private. Not everyone followed the rules. With the Internet, the scale of misuse is bigger and dangerous. Perhaps you read the story this week about the millions of fake comments on the FCC plan to scale back net neutrality in 2016. A 19 year old student was responsible for 7.7 million comments generated using websites that create names, physical addresses and email addresses!

SCHOOLS HAVE TO LEARN

School officials, at least the ones in your high school, are supposed to protect you and keep you safe…but they don’t seem to be aware of the risk that they might be putting you at online. That academic sweepstakes sounds particularly dodgy! The irony is that these are the same institutions that we depend on to teach digital citizenship and digital literacy.

In a previous post I gave directions for reviewing the apps on your phone, and checking their permissions. It’s a good idea to share this with other students in your school, and make them more aware of the data trail they may leave behind. I hope that you, and the friend you mentioned, go on to college and study computer science, as what you mention is a real threat for future generations.

Smartphone Privacy- Tides Shifting

Does IDFA= Identity Details Facebook Acquires?

Cheetos (the food) leaves stains on your fingers. A Tide ad from the 2020 superbowl ad suggests use Tide for stains.
Smartphone privacy! Don’t leave a trace!
Tide ad from 2020 Superbowl

Dear Ms. Smartphone: I am confused by the news about smartphone privacy. First I read this week that Apple has a new privacy feature for iPhones. Then I read a story that big U.S. companies are working with the Chinese to bypass these privacy settings. And, finally, there is a piece today that says it is all a corporate battle with Facebook. I am worried about my smartphone privacy, not about these companies. Annette, Tiburon

Dear Annette: We hold the answers in our hand, but not quite!  There is currently a secret string of numbers called an Identifier for Advertisers (IDFA) on Iphones and a similar code, called an AAID on Android phones.  Mobile apps do not have cookies, so instead an unique identifier tracks you across the apps you download, your purchase history, location and quote, “much more.”

In the next release of their software, Apple will provide IDFA controls for the apps you open. Meanwhile, as you noted, some companies are allegedly working with the Chinese to bypass it, like Procter and Gamble (the maker of Tide). A third viewpoint is that this is a high stake game to move the app business away from Facebook.

ChangiNG TIDES

Suppose, like me, you buy Tide detergent. In bygone times that brand targeted women and ran lots of full page ads in magazines such as Better Homes & Gardens. The publisher of that magazine is now in an exclusive licensing relationship with Walmart, so we can imagine they could merge  the address and zipcode of subscribers with other data bases, and send you promotions for Walmart. Data on the Internet works the same way, except that the IDFA is truly specific and granular- it is at the person (i.e., smartphone) level. 

Ads and IDFA’s are the underpinning of our media, since we do not pay a subscription or license fee like users of the BBC (British Broadcasting Corporation).  Instead, when we use search engines and email we pay with our eyeballs and attention. Our interests and browsing habits are commodities that Facebook, Google, and to a lesser extent Apple, sell to advertisers. Here’s a DearSmartphone post, from the summer, of how a grandma was “oversold.”

Don’t Leave A TRACE!

The point is that that the searches you make, the media you post, and the sites you click leave a breadcrumb trail about “you.”  If I want to sell Tide detergent, it’s important to know whether you favor brand name reputation, as well as your age, marital status, and stage in life. For a fee, Facebook runs a Tide ad  to viewers with these exact qualities. Really, does IDFA stands for “Identity Details Facebook Acquires?”

The good news is that you don’t have to wait for the release of new Apple software. There’s a setting on your Iphone where you can ‘sort-of’ opt-out today. Go to <Settings> then <Privacy> <Tracking> and make sure the toggle is off. While there scroll to the bottom of <Privacy> screen and you will reach <Apple Advertising>. Toggle off settings to receive Apple’s ‘Personalized Ads.’ But, note that they still intend to send ‘served ads’ when you search on the App Store or on Apple News and Stocks. Apple calls it “contextual information”  and it speaks to Gabriel Nichols critique (cited above) that a discussion of personal privacy is also entangled with larger institutional interests. 

CUrious IF..

Since we don’t have BBC like fees for the Internet, targeted ads are baked into our digital culture. Speaking of Target,  one of the most often repeated stories about tracking was published in Forbes magazine in 2012. A Dad learned that his teen daughter was first-trimester pregnant, after she bought vitamins, or something similar at Target, the retailer. Target had unwittingly mailed the household coupons for expectant moms. In 2020, a Facebook employee, Colin Fraser, debunks this story, assiduously noting that the story was probably made up, and even if it did happen, the AI prediction model could not operate with such precision and accuracy.

Whether the story and pregnancy are true or false, it should rankle some curiosity and make you more aware and attentive online. Consider using cash instead of a trackable credit card, continue to delete cookies from search engines and preferably buy your Tide from a locally owned and operated store. Finally, spend some time exploring what the apps on your phone want from you and what you choose to give them.

Misunderstood Prank on Email

A fake photo of an orca attacking a bear. It is a prank photo that has gone viral on social media.
Orca & The Bear. A Misunderstood April Fools’ Prank. See Snopes.org

Dear Ms. Smartphone: Can you help me understand this misunderstood prank?  On April Fool’s Day (this past Thursday) I posted an email to the town’s listserv. I  invited fellow board members to a special Transportation Meeting. My email strongly recommended that they arrive on a scooter or bicycle. At the end of the email I wrote ‘Happy April Fools!’  Despite this, two or three people immediately called the town administrator to say they had a conflict with the date. Another person called the accessibility commissioner and complained about scooters! Honestly, I sent the email in humor but it came off as a misunderstood prank. Do people not have a sense of humor anymore?  Craig (name of town withheld)

Dear Craig: Hopefully by now this misunderstood prank has sunk to the bottom of the  email well and you and the town are happily reconciled. My sympathies. All of us have sent emails that we wish to have erased.  But here is why your email “blew up.” 

First, it’s April 2021, and the pandemic has made people edgy and anxious. It’s been a stressful 13 months and many have checked out, literally.  For them,  April 1 was just another new month when the rent was due and there were bills to pay. They probably forgot the occasion unless they were tuned in to jokey-jokey morning radio or TV. The Onion is not the reading choice of your listserve friends and the media they consult may be too fragmented.

Second, and this ties into a recent DearSmartphone post, we seem to be experiencing weird, wacky, and woke decision making by public groups. Why?  Perhaps the majority of people who meet on Zoom don’t speak up, and a vocal minority lead the charge.  Your April Fool’s  email that required board members to arrive by scooter or bike might have struck them as another wacky iteration.

Jumping to Wrong Conclusions

Obviously, you are grieved because people did not read the email to the end. That would have clarified it was an April Fool’s lark. But, in my post on the weird and wacky, note that disassociated publics can jump to quick  (and wrong) conclusions. Most likely, the members read the email from home, alone, and for some, still in their PJs. The post would have been received differently had they congregated at the water-cooler or conversed about it over the office cubicles.  

While I hate to be a spoiler, there is a larger, sinister issue surrounding your innocent April Fools prank. Increasingly our media seems to be hijacked by fake news and fake followers. For example, nearly half of the Twitter accounts spreading messages about the pandemic this past summer were probably bots, according to researchers  at Carnegie Mellon University. And, recently The New York Times has started publishing ‘Daily Distortions’, a feed to chronicle and debunk false and misleading information. Meanwhile, it’s not just the news stories that are co-opted. There is increasingly sophisticated  software that alters and fabricate images.

Check Hoax, Check ‘Snopes’

You might get a smile from the site called hoaxes.org where I found the river image (above). Quite to your point, someone posted the image and a  prank story on April’s Fools day, 2015.  Snopes, a useful fact-checking site, says people continue to stumble upon the image of an Orca attacking a bear.  Bearware?!  It’s beginning to feel like everyday is April Fools!