Credit: Ryan-Thomas Shaw / Android Authority
- A new exposé report shows how an Israeli security company uses mobile ads to compromise smartphone security.
- By using data gleaned from app developers, the company can locate smartphone users with accuracy as high as just one meter off.
- There’s nothing technically illegal about the practice, it seems, but it does raise some eyebrows.
A new report from Forbes reveals that an Israeli company called “Bsightful” uses mobile ads in a devilishly clever way. By using freely-offered information on users from app developers, the company can locate most anyone with minimal information. Bsightful is selling this data access to whoever is willing to pay.
Bsightful is a highly secretive company. Forbes was only able to figure out the most basic of details about it. However, the report does illustrate how easy it is to glean location information through mobile ads, which could severely compromise your smartphone security.
How do mobile ads breach smartphone security?
Let’s imagine that you are an advertiser. If you want to buy ad space within a mobile app, you want to be sure the people using that app are the same people who would potentially buy your product, right? For example, if you’re selling beard shampoo, you probably don’t want to advertise within a women’s fashion app, since that audience isn’t going to buy beard shampoo.
To help match advertisers with the right app audience, there are Demand Side Platforms, or DSPs. Using a DSP, app developers will upload their user data information and advertisers will use that information to figure out the best place for their ads.
According to Forbes, Bsightful creates shell DSPs with the strict purpose of just collecting this freely-offered user data from app developers. Every now and then they might serve up an ad to keep up appearances, but the shell DSP is all about the data. Allegedly, Bsightful could then sell that information to governments, police, or other organizations.
Although the data gleaned from these methods aren’t nearly as accurate as direct location data collection, it is still accurate enough to compromise your smartphone security. Under the best conditions, an organization could locate someone within a one-meter accuracy using nothing but a phone number.
Of course, for this to work in tracking you, you would need the appropriate app on your phone and allow that app to use your information for ads. Users who are very stringent with their permissions and use ad blockers religiously would be more difficult to track in this manner.