The good thing about some coupon apps is that they track your location, so they can alert you to nearby coupon offers. The not-so-good thing about some coupon apps is that they track your location, so they know when you’re near a store, when you’re not, when you’re home, when you’re at work, and so on.
And the really concerning thing is that some coupon apps are apparently sharing this information with third-party data monetization firms, likely without your knowledge.
That’s according to a new report from GuardianApp, a mobile VPN that helps users protect their personal data. The app’s founders have identified dozens of popular iOS apps – including several well-known coupon apps – that it says are being “used to covertly collect precise location histories from tens of millions of mobile devices”, and providing that information to third parties that acquire and resell customer data in order to deliver ads or develop marketing strategies.
In many cases, GuardianApp says, “the packaged tracking code may run at all times, constantly sending user GPS coordinates and other information” to third parties not otherwise affiliated with the apps.
Many apps, like those that provide local weather forecasts or maps, need to know your location in order to work properly. And so do coupon apps that need to know where you are in order to alert you to relevant nearby coupons. But GuardianApp says its analysis shows that while many apps “present a plausible justification” for requesting access to your mobile device’s location services, they often make “little or no mention of the fact that location data will be shared with third-party entities for purposes unrelated to app operation.”
The Coupon Sherpa app, for example, requests permission to access your device’s location services, by saying that “Location/Bluetooth data may be used for providing relevant and timely coupons and for providing more applicable ads”. But GuardianApp says its analysis shows Coupon Sherpa contains code from two different location data monetization firms, which indicates that it’s sharing your data with third parties that can utilize and sell everything from your GPS location, to your travel history, accelerometer information, battery status, cellular network and more.
Coupon Sherpa’s full privacy policy is much more explicit. The policy discloses that Coupon Sherpa may “anonymously share your location, excluding personally identifiable information, with third party advertisers to enhance your experience with more relevant, location-based offers.” It advises that you can “remove your consent to having your location data collected by changing the settings on your device”, but warns that “certain services may lose functionality as a result”.
Another coupon app on GuardianApp’s list of apps that share your data is SnipSnap. It tells app users that “SnipSnap uses location to send you coupon reminders when you arrive at a store and to help you discover great offers nearby.” SnipSnap’s full privacy policy notes that it may provide “third parties with reports that contain aggregated and statistical data about our users”. But it does not explicitly say that it shares location data, even though GuardianApp says the SnipSnap app contains location tracking code from a third-party company that collects GPS, Wi-Fi and Bluetooth device data.
And the coupon app called, appropriately, The Coupons App once contained tracking code from three different data monetization firms, GuardianApp says. But one was recently removed, apparently at the behest of Apple, which monitors and prevents apps from misleading users into granting location data access for “unapproved purposes”. The Coupons App responded to that forced change with a snarky and recalcitrant update notice on the App Store. It promised users “Poorer local content results”, “no driving notifications of nearby coupons” and “more manual searching for boring & stale stores”, because “Apple policy prefers your experience in this app to potentially be full of bugs”.
To its credit, The Coupons App is the only coupon app on GuardianApp’s list that notifies users up front that it will collect and share their data if they enable location services. “Location information is collected and may be used and shared for advertising, analytics and research purposes,” the notification reads.
Aside from the fact that this information is not always adequately disclosed, there’s nothing necessarily sinister or improper about what these apps – or dozens of others – are doing. GuardianApp says the bottom line is that you should be aware of what you’re agreeing to when you download and use any app. And if you’re not comfortable with apps sharing your data, you should go to your device’s privacy settings and select “limit ad tracking“. Or you should say no if a location services permission request tells you to read the app’s privacy policy for more details, which suggests that there might be more they’re not telling you up front.
“I believe people should be able to use any app they wish on their phone without fear that granting access to sensitive data may mean that this data will be quietly sent off to some entity who they do not know and do not have any desire to do business with,” GuardianApp’s Will Strafach told TechCrunch.
So tread carefully the next time you download an app that promises to help you find coupons. Saving money with coupon apps may well come at a price you’re not willing to pay
Image source: SnipSnap
