We pay mobile operators a monthly fee to use the Internet and make calls. But it's not just our money we're paying with, it's also our data.
TL;DR version:
Mobile carriers collect and sell customer data for profit.
Carriers use various methods to collect data, including default settings that enroll customers in data collection programs without their knowledge or consent, and opt-in programs that require explicit consent but may use misleading language or design to trick users into agreeing.
Major mobile carriers, such as AT&T, Verizon, and T-Mobile, collect customer data through their privacy policies, which often go unread by consumers.
Carriers collect various data, including web browsing history, app usage, device location, demographic information, and more. Carriers also combine data collected from customers with information from external sources, such as credit reports, marketing mailing lists, and social media posts.
They use this data to create models and inferences about customers' interests and buying intentions, which they then share with advertisers for targeted advertising.
Individuals can choose to opt out of data collection initiatives, utilize Virtual Private Networks (VPNs) to limit data accessibility, and change to alternate Domain Name System (DNS) servers to reduce the amount of data gathered.
T-Mobile’s privacy policy says that it collects app usage data from its customers and shares it with advertisers for ‘Relevant Ads,’ unless the customers opt out. Notably, this only affects Android users, as Apple users are spared. Mobile advertising ID (MAID) of iOS users — which is an identifier that is used to track user behavior and preferences for ad purposes — is not so readily available anymore since 2021, when Apple introduced App Tracking Transparency (ATT) feature. The feature made it much easier for iOS users to opt out of third-party tracking, which made iOS devices less useful for advertising.
I have so many more questions now.
On the Apple side
How does Apple provide data to T-Mobile? I assumed connections to their servers would be encrypted and the advertising ID, along with everything else, would be unusable.
On the Android side
How does Android provide an advertising ID to T-Mobile, and how do you opt out of giving it to them? There seems to be a "simple" opt-out available on it too:
Settings > Google > All Settings > Ads > Delete Advertising ID
And if this doesn't work, why does it work for Apple but not Android?
You have to debloat your android. It takes a lot of time, dedication and search to find the specific things to delete or desactivate on your specific model.
I think that refers to t-mobile’s own/affiliated apps and services. Those would use the onboard ads platform to collect high quality telemetry (assuming the user keeps them installed) but even the lower quality data from outside the platform, like DNS queries, traffic logs, and general device location, can be captured by the carrier if there are no user countermeasures in place.
Agreed, though I might add that a number of manufacturers have been known to dabble in data brokerage as well.
It might sound paranoid, but Android is built around data collection, and in practice it’s just a feeding frenzy. The carrier, the manufacturer, the ad platforms, the advertisers, the app developers, everyone gets pieces of you and none take responsibility for the pieces the others take, since it’s outside the scope of their offering.
The best bet is a clean flash, Lineage or the like, and strictly open source apps. I’d encourage any user who can’t or won’t go through that process to stick to iOS. It’s not perfect but it has the best default privacy protections by a significant margin and the refurb market has many affordable units. Factory Android these days is a privacy nightmare.
It seems confusing to say "Apple users aren't affected by this" and immediately follow it up with "...and you can disable your Apple tracking ID", isn't it? It implies T-Mobile is tracking you through the ID.
I'm probably overthinking this, and the article is just written a bit poorly.
Not like the T-Mobile user agreement is much more specific... Like all privacy policies, it makes you guess where things are collected
Yeah they skipped past some likely questions. I can try to fill in a little.
Apple users are assigned an advertising ID, but the user can reset (not disable IIRC) the ID whenever they want, so it might not be as useful to the carrier for profiling purposes. All that would give them is fragments of profiles that, without other identifiers like phone or email, might be impossible to associate with their customer.
Android users tend to have numerous and more persistent identifiers available for profiling, and manufacturers have been permissive with carrier partners re: daemons, kernel extensions, and custom telecom apps. I think that’s what the article meant was unique to Android. Carrier tracking can just be more deeply embedded in these systems, beyond the obvious bloatware apps and widgets.
Interestingly, Apple sells similar tracking functionality for custom provisioned commercial devices IIRC, complete with the uninstallable apps, enhanced telemetry, etc. So it’s not like they can’t or won’t track users as a paid service, they just have no reason to let carriers do it on their equipment.