How to track your phone.
Getty
Updated Nov. 22 with a new study into app tracking and a “do not tap” warning.
You are being tracked — and not in an open and transparent way you can stop. Your smartphone has a unique fingerprint you can’t fully hide, and this can be secretly harvested without you ever knowing. It’s happening right now. If you want to know what this hidden tracking looks like — you can see for yourself with just one click.
Online anonymity and privacy is a big thing right now. It has hit the headlines given recent bans on porn access and mandates for identity and age verification. Those headlines are being fueled by legislators reversing years of privacy upgrades with a push to monitor messages and online activity, to check who you are and what you’re doing.
Cue the dirty little secret that is device fingerprinting. You might think because you have disabled tracking cookies and enabled private browsing that you’re safe. You’re wrong. Your phone gives away a trail of unrelated data points. Each on its own is harmless, but combine enough of them and your phone is unique.
You can be tracked and profiled. Online activity linked to a device. And it takes just one identifiable activity to link the device to a you, to de-anonymize that profile.
Digital fingerprinting made its own headlines earlier this year, when Google reversed its ban on the practice. And this invasive tracking has now extended beyonds browsers to cover smart devices as well — your TVs or gaming consoles, for example.
While you can’t stop fingerprinting, you can make it more difficult for trackers to pull all the data they want. Apple’s Safari and Mozilla’s Firefox have new anti-fingerprinting technologies that are now deployed by default. And while a VPN will not stop your device giving up a range of signals, it will block some of these.
Does this mean every website tracks you? No. But many do. And as Mozilla warns, “fingerprinters can continuously identify you invisibly, allowing bad actors to track you without your knowledge or consent. Online fingerprinting is able to track you for months, even when you use any browser’s private browsing mode.”
If you want to see how pervasive this is, check your own digital fingerprint right now. You can use EFF’s Cover Your Tracks. Click “Test Your Browser.” Ideally you’ll be told “your browser fingerprint has been randomized,” and that “although sophisticated adversaries may still be able to track you to some extent, randomization provides a very strong protection against tracking companies trying to fingerprint your browser.”
But you may not. You may be told “your browser fingerprint appears to be unique” among those tested, and that “we estimate that your browser has a fingerprint that conveys at least [x] bits of identifying information.”
The first notification came through Safari, the second through Chrome. A material percentage of websites deploy this tracking. If your device can be secretly tracked, it is being secretly tracked. It’s as simple as that.
You can also use the “Am I Unique” website to pull dozens of data signals from your device. Just click “See My Fingerprint.” You can run this using different browsers, using VPNs, even using private browsing . This test does not focus on randomized data and will show you as unique. It’s detailed display of the expansive data pulled is notable.
You can easily rationalize how these dozens of signals will differ from other phones. Your phone is being tracked to some extent — you can’t stop it but you can reduce it. Whether or not you do so will depend on the extent to which you value your privacy.
This issue extends beyond browser fingerprinting. Google has been under fire for its all-seeing Play Services ecosystem. As one report warns, “every Android user has used the Google Play Store at some point, but what you might not know is that the Play Store app has a background service that is constantly running in the background. This background process is called ‘Google Play Services’, and it has access to everything on your phone.”
That invisible tracking extends beyond the stock apps and frameworks powering your phone. The third-party apps you install are riddled with invasive behaviors. A new study draws some alarming conclusions, with “Google Play Store’s privacy sections often leaving people scratching their heads,” Help Net Security explains.
If you use Safari on your iPhone, it’s almost certain that Google is your default search engine. Settings > Apps > Safari > Search Engine. That means that Apple’s fairly privacy-centric browser returns a Google generated web page when you search.
This is fine, albeit if you’re logged into your Google Account then the search giant can harvest more activity data. But you’re still protected by Safari’s settings while in Apple’s browser. But Google has just added a fairly sneaky way to change this.
At the bottom of each search page, just above where you tap for “more search results,” there’s now an enticing “Try App” button to “ask and explore anything with the Google App.” It’s cleverly positioned. Chances are you’ll accidentally tap it sometimes when looking to move to the next search page.
If you do tap, it will redirect from Safari to Google’s app and a new search box. Beware though, at this point you have exited Apple’s privacy enclave and jumped into Google’s. And no one operates more hidden web trackers than Google.
