Cyber Smart Guides

How Apps Track You

The apps on our devices are constantly collecting personal data. It’s important to be aware of what you are sharing, how it is being collected, and what you can do to limit unnecessary data collection. This article will go through the how and why of app tracking, ways to be aware of and limit it, and the risks associated with it.

On this page: Tracking vs. Data Collection | Why apps track you and what they see | How apps collect data about you | Risks to your data and identity |  Check and limit tracking and data collection | Quick reference glossary

Tracking vs. Data Collection

When apps are tracking you, that doesn’t just mean checking your location (although it can). Tracking refers to the practice of recording user activity and behavior. Apps implement complex data collection systems to track user habits, interaction patterns, and personal information.

"Tracking" and "data collection" are often used interchangeably. While there may be some nuances, in the end it's all about gathering as much info about you as they can, which can be used in a number of ways. 

It's important to know that what is being tracked and the data that's being collected is not limited to what you willingly enter on a single site. An app may be able to track what you're doing in other apps, your physical location, and other info even when you're not actively using it.

Why are apps tracking me, what can they see (and what do they do with the data)?

Not all data tracking is unnecessary—there are many cases in which it's essential to the functionality of an app. Google Maps would lose a lot of its utility without the ability to track your location. However, data is also collected to serve the business interests of the app owners. This info is used to personalize user experiences, more effectively advertise, and learn about what changes should be made to the apps that result in profiles that can be analyzed by app owners. These user profiles include details such as how much time you spend looking at certain things, responses to ads, and interactions with different parts of the app.

Data collected can also include information on your device that you allow the app to access by granting it certain permissions, such as location. This information can span across several apps, such as when third party advertisers retarget users with specific content based on their activity somewhere else. 

This type of data collection can be useful by contributing to app and service improvements. However, many apps also sell the data they collect to third parties, including marketers, law enforcement, political parties, and government agencies. How this data is used can vary and, in some cases, pose serious legal and even physical risks to an individual.

How apps track and collect data about you

Apps track your activity in a variety of ways; there is an abundance of different software that can be used through an app to track your device and collect data on you and your habits. 

  • Device Identifiers: Apps can track your device through unique identifiers such as International Mobile Equipment Identity (IMEI) or Advertising ID for mobile phones and Media Access Control (MAC) address for network devices.
  • Cookies and Tracking Pixels: When you use a web-based app or visit a website, cookies may be stored on your device to track your activity. Similarly, tracking pixels embedded in emails or web pages can track user interactions.
  • GPS and Location Services: Many apps request access to your device's GPS and location data to provide location-based services. This information can be used to track your movements.
  • User Accounts and Social Media Integration: Apps often require you to create user accounts or sign in through social media platforms. This allows them to track your activity across different devices and platforms.
  • Analytics and SDKs: App developers often integrate third-party analytics services and software development kits (SDKs) to gather information about user behavior, demographics, and device characteristics.
  • Permissions: Apps request various permissions to access features and data on your device, such as contacts, photos, and microphone. While these permissions are often necessary for app functionality, they can also be used for tracking purposes.

Risks to your personal data, identity, and cybersecurity

  • Privacy Concerns: App tracking can lead to the collection of sensitive personal information without user consent, raising concerns about privacy and data security as well as transparency and accountability. 
  • Targeted Advertising: Tracking allows advertisers to build detailed profiles of users and target them with personalized ads. This can result in intrusive advertising and manipulation of consumer behavior.
  • Data Breaches and Security Risks: Accumulated user data can be vulnerable to security breaches, leading to unauthorized access and misuse of personal information. In serious cases user profiles may be susceptible to identity theft or fraud, posing a significant risk to users' financial and personal security.
  • Stalking and Harassment: Location tracking, in particular, can enable stalking and harassment if misused by malicious individuals or organizations.
  • Government Tracking and Spying: Some countries may seek to access your personal data for a number of purposes, often by requiring that foreign travelers install an app. If you are traveling abroad, be aware of laws and practices in the country you're visiting and know that your online activity may be subject to a greater level of tracking.

What you can do to check and limit tracking and data collection

It can be difficult, and that's usually by design. For many companies, tracking your behavior is a core part of their business. Determining whether an app is collecting data requires a combination of observation, understanding permissions, and reviewing privacy policies. The safe assumption is that most of your apps are constantly tracking your behavior, even when you're not using them. Here are some methods to help you identify if an app is tracking you and quick actions to take to enhance your control over it:

Before installing an app, research its reputation and reviews from other users. Look for any reports of privacy violations or data breaches associated with the app. Download apps from the App Store and Google Play. Apps downloaded from unknown/untrusted services may come with malware.

Take some time before installing to check what permissions an app asks for and the types of data it collects. On each app's page, the App Store includes a useful App Privacy section and the Play Store has a Data Safety section.

You should also be careful even with apps downloaded from Google and Apple, as there are instances of malicious apps being approved for distribution.  

When you install an app, be cautious about granting the permissions it requests and carefully review the privacy settings in the app and your device’s settings. Permissions such as access to your location, contacts, camera, microphone, and other personal data can indicate that the app may be collecting information.

Check how to review permissions on your Google/Android and Apple devices.

Additionally, review the app's privacy policy (even though they're usually long) to understand how it collects, uses, and shares your data. Look for information about third-party data sharing, advertising partners, and data retention policies. Be wary of apps with vague or overly broad privacy policies.

Some websites use tracking technologies like cookies, tracking pixels, and device identifiers to monitor user behavior across platforms and devices. Consider using privacy-focused browser extensions to detect and block these tracking technologies. 

Every once in a while, clear your cookies by visiting settings within an app itself or your device settings and clearing the cache and/or history. Here are some instructions for clearing your cache/cookies on Google Chrome,  Safari on a mobile deviceSafari on MacBook, and in Android apps.

Consider installing security software such as MalwareBytes on your device that can help detect and block tracking attempts by malicious apps or websites.

Many apps track your behavior to deliver personalized ads. You can opt out of personalized advertising on both iOS and Android devices. 

  • In iOS, go to Settings > Privacy > Advertising and enable "Limit Ad Tracking."
  • On Android, go to Settings > Google > Ads and enable "Opt out of Ads Personalization."

Apps often present security risks and vulnerabilities. If you are not using an app, chances are you are not updating it regularly and should remove it. If you don't use an app much but still want it, iPhone and Android automatically disable permissions for infrequently used apps. The next time you use the app, permissions are restored.

Pay attention to the app's behavior, such as displaying targeted ads or recommending content based on your browsing history. If the app seems to know a lot about you without explicitly providing that information, it may be tracking your activity. If something feels off about an app's behavior or data collection practices, trust your instincts and consider uninstalling the app or limiting its access to your data.

Quick reference glossary

Here are some quick definitions to further understand app tracking and data collection. 

Advertising ID is an identifying code assigned to a mobile device by its maker. It can be sent to advertisers or other third parties, who use it to track your device’s movements and activity, including app usage and user habits.

A cookie, in tech terms, is a file websites use to store information about its users. This can be info essential to the function of the site (the fact that you've logged in, for example), but cookies can also be used to harvest personal information and track your browsing history, even after you've left the site. Browsers have a variety of settings that help you control the types of cookies attempting to collect info about you.

Data retention policies dictate what data apps collect and how they get rid of that data when they no longer need it. Apps have specific guidelines on how and where they store your data, and for how long before it is disposed of.

Data traffic, or network traffic, is the amount of data that is moving across a network at a given time. Keep an eye on data traffic for your device by using network monitoring tools.

Every mobile phone on Earth has a unique 15-17-digit serial number, called its International Mobile Equipment Identity. These are stored in large databases called Equipment Identity Registers, and are generally used to identify stolen devices and place them on blocklists to prevent them from being used.

A MAC address is a unique 12-character alphanumeric code that identifies a device on a network. They can be used to track devices’ movements and many device vendors such as Apple and Android have started using MAC address randomization to prevent tracking.

Network monitoring tools collect data from devices across a network and keep tabs on metrics such as traffic, data usage, and other information that helps keep devices secure. Systems like LibreNMS and PRTG can be helpful for users to check on their device’s security.

An operating system (OS) is the underlying software that runs your tech. Mac, Windows, Linux, iOS, and Android are all examples of an operating system. It's important that you keep your OS, both on your phone and computer, up-to-date in order to avoid cybersecurity vulnerabilities.

Software Development Kits are often necessary for developing apps for certain platforms, such as iOS or Android. They are software packages that serve to help the app’s functionality in some way, but often those provided by third parties can collect data and send it back to the developer.

Tracking pixels, also known as spy pixels, are small code snippets loaded when you open emails or websites. This allows website operators, advertisers, and others to get records of your behavior and habits. Often the data from these pixels is used in reconfiguring ads and customizing user experiences.


Back to top

Contact NYU IT