We pay mobile operators a monthly fee to use the Internet and make calls. But it's not just our money we're paying with, it's also our data.

TL;DR version:

  • Mobile carriers collect and sell customer data for profit.

  • Carriers use various methods to collect data, including default settings that enroll customers in data collection programs without their knowledge or consent, and opt-in programs that require explicit consent but may use misleading language or design to trick users into agreeing.

  • Major mobile carriers, such as AT&T, Verizon, and T-Mobile, collect customer data through their privacy policies, which often go unread by consumers.

  • Carriers collect various data, including web browsing history, app usage, device location, demographic information, and more. Carriers also combine data collected from customers with information from external sources, such as credit reports, marketing mailing lists, and social media posts.

  • They use this data to create models and inferences about customers’ interests and buying intentions, which they then share with advertisers for targeted advertising.

  • Individuals can choose to opt out of data collection initiatives, utilize Virtual Private Networks (VPNs) to limit data accessibility, and change to alternate Domain Name System (DNS) servers to reduce the amount of data gathered.

  • Septimaeus@infosec.pubEnglish
    2·
    5 months ago

    Yeah they skipped past some likely questions. I can try to fill in a little.

    Apple users are assigned an advertising ID, but the user can reset (not disable IIRC) the ID whenever they want, so it might not be as useful to the carrier for profiling purposes. All that would give them is fragments of profiles that, without other identifiers like phone or email, might be impossible to associate with their customer.

    Android users tend to have numerous and more persistent identifiers available for profiling, and manufacturers have been permissive with carrier partners re: daemons, kernel extensions, and custom telecom apps. I think that’s what the article meant was unique to Android. Carrier tracking can just be more deeply embedded in these systems, beyond the obvious bloatware apps and widgets.

    Interestingly, Apple sells similar tracking functionality for custom provisioned commercial devices IIRC, complete with the uninstallable apps, enhanced telemetry, etc. So it’s not like they can’t or won’t track users as a paid service, they just have no reason to let carriers do it on their equipment.