Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    The influencer in this Vodafone ad isn’t real

    September 8, 2025

    Google finally details Gemini usage limits

    September 7, 2025

    GM slows EV production as tax credit nears expiration

    September 7, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location
    Security

    Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

    News RoomBy News RoomJanuary 14, 20253 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    Some of the world’s most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law enforcement.

    The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush and dating apps like Tinder to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem—not code developed by the app creators themselves—this data collection is likely happening without users’ or even app developers’ knowledge.

    “For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising ‘bid stream,’” rather than code embedded into the apps themselves, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and who has followed the location data industry closely, tells 404 Media after reviewing some of the data.

    The data provides a rare glimpse inside the world of real-time bidding (RTB). Historically, location data firms paid app developers to include bundles of code that collected the location data of their users. Many companies have turned instead to sourcing location information through the advertising ecosystem, where companies bid to place ads inside apps. But a side effect is that data brokers can listen in on that process and harvest the location of peoples’ mobile phones.

    “This is a nightmare scenario for privacy, because not only does this data breach contain data scraped from the RTB systems, but there’s some company out there acting like a global honey badger, doing whatever it pleases with every piece of data that comes its way,” Edwards says.

    Included in the hacked Gravy data are tens of millions of mobile phone coordinates of devices inside the US, Russia, and Europe. Some of those files also reference an app next to each piece of location data. 404 Media extracted the app names and built a list of mentioned apps.

    The list includes dating sites Tinder and Grindr; massive games such as Candy Crush, Temple Run, Subway Surfers, and Harry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo’s email client; Microsoft’s 365 office app; and flight tracker Flightradar24. The list also mentions multiple religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy.

    The full list can be found here. Multiple security researchers have published other lists of apps included in the data, of varying sizes. Our version is relatively larger because it includes both Android and iOS apps, and we decided to keep duplicate instances of the same app that had slight name variations to make it easier for readers to search for apps they have installed.

    Although this dataset came from an apparent hack of Gravy, it is not clear whether Gravy collected this location data itself or sourced it from another company, or which location company ultimately owns it or is licensed to use it.

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleNew US Rule Aims to Block China’s Access to AI Chips and Models by Restricting the World
    Next Article Samsung announces more flexible trade-in program, no purchase required

    Related Posts

    No, Trump Can’t Legally Federalize US Elections

    September 6, 2025

    SSA Whistleblower’s Resignation Email Mysteriously Disappeared From Inboxes

    September 6, 2025

    Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn

    September 5, 2025

    How to Stop Using Passwords and Start Using Passkeys

    September 5, 2025

    China Is About to Show Off Its New High-Tech Weapons to the World

    September 4, 2025

    This Is the Group That’s Been Swatting US Universities

    September 3, 2025
    Our Picks

    Google finally details Gemini usage limits

    September 7, 2025

    GM slows EV production as tax credit nears expiration

    September 7, 2025

    Computer chips, with a side of forever chemicals

    September 7, 2025

    A really cheap way to get really smart lights

    September 7, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    Science

    China Is Building a Brain-Computer Interface Industry

    By News RoomSeptember 7, 2025

    Given these and other recent milestones, Peng says it’s realistic to think that at least…

    The Doomers Who Insist AI Will Kill Us All

    September 7, 2025

    Pocket Scion is a synth you play with plants

    September 6, 2025

    Bluetti says it can reduce vanlife power installations to ‘30 minutes’

    September 6, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.