When it comes to collecting data on consumers, there’s no shortage of effective options. Companies from Google on down to the tiniest developer of time-wasting games routinely record personal info—names, birthdates, credit card info—simply by asking for it.
Many also track your location throughout the day using your phone’s GPS and nearby cell towers or web beacons.
And Facebook monitors your browsing habits beyond the confines of its own platform, thanks to a tiny, transparent image file known as a Facebook Pixel that’s placed on websites across the internet to track what you watch and read and place in your shopping cart.
In Choffnes’ study, the researchers also found that 9,000 Android apps were secretly taking screenshots or recording videos of smartphone activity and sending them to third parties. In one case, a food-delivery app recorded video of the user’s activity and shared it with a data-analytics firm.
One screenshot captured ZIP codes. Imagine if others revealed usernames, passwords, or credit card information.
Clay Miller, chief technology officer for the mobile security firm SyncDog, says that while apps are designed to be “sandboxed,” meaning they withold user data from other apps, data can sometimes cross over through a phone’s operating system.
Still, it’s more likely that, at some point, you paused to admire those sneakers you were discussing with your friend online, Miller notes. And perhaps didn’t realize—as few people do—that companies like Google combine data from their many free apps, creating a profile for ad targeting purposes.
So, if you were to do a Google search for a particular kind of sneaker and use Google Maps to drive to a shoe store and your Gmail account to sign up for a shoe store’s mailing list, you can bet you’re going to get ads for sneakers in your Chrome browser.
And, thanks to all that data-tracking software tied to Facebook, you’ll probably see the same ads in your Facebook feed, too.
If that weirds you out, try to limit the access those companies have to your browsing history by not using the universal sign-on features offered by Google and Facebook and by not signing into the Chrome browser, Miller says.
Keep an eye on the permissions granted to your apps, too, Covington adds. If you don’t think that gaming app needs access to the camera or microphone on your phone, revoke it.
To see exactly what permissions you’ve given to each app on an iPhone, go to Settings > Privacy > and then scroll down to a category such as Camera. There you’ll find a list of apps with permission to use your camera along with toggle switches to withdraw that access.
On an Android phone, go to Settings > Apps > and scroll down and click on a specific app. The next screen will show you what permissions that app has and allow you to turn them on or off.
“A lot of people might not connect the dots and realize that they’re trading their data and privacy for a free service, but that’s the world we live in,” Covington says.