How mobile carriers make money off your data behind your back
How mobile carriers make money off your data behind your back
We pay mobile operators a monthly fee to use the Internet and make calls. But it's not just our money we're paying with, it's also our data.
TL;DR version:
-
Mobile carriers collect and sell customer data for profit.
-
Carriers use various methods to collect data, including default settings that enroll customers in data collection programs without their knowledge or consent, and opt-in programs that require explicit consent but may use misleading language or design to trick users into agreeing.
-
Major mobile carriers, such as AT&T, Verizon, and T-Mobile, collect customer data through their privacy policies, which often go unread by consumers.
-
Carriers collect various data, including web browsing history, app usage, device location, demographic information, and more. Carriers also combine data collected from customers with information from external sources, such as credit reports, marketing mailing lists, and social media posts.
-
They use this data to create models and inferences about customers' interests and buying intentions, which they then share with advertisers for targeted advertising.
-
Individuals can choose to opt out of data collection initiatives, utilize Virtual Private Networks (VPNs) to limit data accessibility, and change to alternate Domain Name System (DNS) servers to reduce the amount of data gathered.
You're viewing a single thread.
T-Mobile’s privacy policy says that it collects app usage data from its customers and shares it with advertisers for ‘Relevant Ads,’ unless the customers opt out. Notably, this only affects Android users, as Apple users are spared. Mobile advertising ID (MAID) of iOS users — which is an identifier that is used to track user behavior and preferences for ad purposes — is not so readily available anymore since 2021, when Apple introduced App Tracking Transparency (ATT) feature. The feature made it much easier for iOS users to opt out of third-party tracking, which made iOS devices less useful for advertising.
I have so many more questions now.
On the Apple side
How does Apple provide data to T-Mobile? I assumed connections to their servers would be encrypted and the advertising ID, along with everything else, would be unusable.
On the Android side
How does Android provide an advertising ID to T-Mobile, and how do you opt out of giving it to them? There seems to be a "simple" opt-out available on it too:
Settings > Google > All Settings > Ads > Delete Advertising ID
And if this doesn't work, why does it work for Apple but not Android?
You have to debloat your android. It takes a lot of time, dedication and search to find the specific things to delete or desactivate on your specific model.
2 ways of doing exactly that:
-
Universal debloater with adb for non rooted phones.
-
De-bloater more advanced but requires a rooted phone with magisk
Clean-custom roms are better sure, but depening your phone's model, either it works great or it's just a quirky mess :/
With my samsung a53 5g there isn't any good clean official rom. Just some random unofficial, wich you either trust or not...
I wish I could install grapheneOS on mine, but as a non dev, it's not in my power nor my capcity to do so !
-
Important note about Apple:
Apple is making a living by being a gatekeeper to your data. They do not keep it private to only you, they do not keep it to themselves.
However they do not share it for free with other companies. Make no mistake: they are not doing this out of the goodness of their hearts.
I think that refers to t-mobile’s own/affiliated apps and services. Those would use the onboard ads platform to collect high quality telemetry (assuming the user keeps them installed) but even the lower quality data from outside the platform, like DNS queries, traffic logs, and general device location, can be captured by the carrier if there are no user countermeasures in place.
It does. If you purchase a device from the carrier, it's guaranteed to be preloaded with their apps. Verizon currently states
"we may change your wireless device's software, applications or programming remotely, without notice."
https://www.verizon.com/legal/notices/customer-agreement/
The solution is to get a phone from the manufacturer themselves. They don't come with carrier bloat.
Agreed, though I might add that a number of manufacturers have been known to dabble in data brokerage as well.
It might sound paranoid, but Android is built around data collection, and in practice it’s just a feeding frenzy. The carrier, the manufacturer, the ad platforms, the advertisers, the app developers, everyone gets pieces of you and none take responsibility for the pieces the others take, since it’s outside the scope of their offering.
The best bet is a clean flash, Lineage or the like, and strictly open source apps. I’d encourage any user who can’t or won’t go through that process to stick to iOS. It’s not perfect but it has the best default privacy protections by a significant margin and the refurb market has many affordable units. Factory Android these days is a privacy nightmare.
It seems confusing to say "Apple users aren't affected by this" and immediately follow it up with "...and you can disable your Apple tracking ID", isn't it? It implies T-Mobile is tracking you through the ID.
I'm probably overthinking this, and the article is just written a bit poorly.
Not like the T-Mobile user agreement is much more specific... Like all privacy policies, it makes you guess where things are collected
Yeah they skipped past some likely questions. I can try to fill in a little.
Apple users are assigned an advertising ID, but the user can reset (not disable IIRC) the ID whenever they want, so it might not be as useful to the carrier for profiling purposes. All that would give them is fragments of profiles that, without other identifiers like phone or email, might be impossible to associate with their customer.
Android users tend to have numerous and more persistent identifiers available for profiling, and manufacturers have been permissive with carrier partners re: daemons, kernel extensions, and custom telecom apps. I think that’s what the article meant was unique to Android. Carrier tracking can just be more deeply embedded in these systems, beyond the obvious bloatware apps and widgets.
Interestingly, Apple sells similar tracking functionality for custom provisioned commercial devices IIRC, complete with the uninstallable apps, enhanced telemetry, etc. So it’s not like they can’t or won’t track users as a paid service, they just have no reason to let carriers do it on their equipment.