According to a report from the WSJ, a contractor for the US government embedded software in over 500 apps, which was used to track millions of people worldwide.
The report says that, "a small US company with tis to the US defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide, according to interviews and documents reviewed by The Wall Street Journal."
The company is Anomaly Six LLC, which boasted in marketing material that it is "able to draw location data from more than 500 mobile applications" from its own SDK. And it is embedded directly in some apps.
Having said that, you might want to think twice before allowing an app to track your location. It could be sent somewhere you don't want it to go.
The US government isn't the only client
It's bad enough that the government contracted this company, but Anomaly Six LLC also is contracted with "private-sector clients". Thought the WSJ wasn't able to find out what companies those might be. It also told the WSJ that it restricts the sale of US mobile phone movement data only to the private sector.
That's pretty scary, that many clients could have access to all of our location history, and not from getting it from Google but by implementing trackers into other apps that you download.
Anomaly Six told the WSJ that it "leverages detailed location data from numerous first-party sources to provide insights into groups, behaviors and patterns." Anomaly Six also acknowledged the "intense scrutiny" over the government having such data. But it defended itself by saying that the data it works with is commercially available and compliant with the law.
How is this possible?
How is it possible that Anomaly Six LLC could embed its own software into other apps? Well, it's simple actually. App publishers will often allow third-party companies to insert SDKs into their apps. This is one way they make money. The SDK maker can then sell the consumer data harvested from the app. Then the app publisher would get a chunk of the revenue.
However, consumers have no way of knowing whether SDKs are embedded in the apps that they use. Privacy policies aren't required to disclose this information.
Anomaly Six LLC says that it embeds its own SDK in some apps. And added that it can also get location data from other partners.