Limiting Location Data Exposure: 8 Best Practices
If you’re like me who grew up consuming spy movies, you would have already been familiar with the notion of geolocation trackers in all sorts of digital devices (which both heroes and villains can use to their advantage). On the flip side, you would also have gotten hold of some tips on limiting location data exposure whenever this need arises for our hero.
Action stunts aside, it’s true that the moment you acquire any type of mobile device, you already set yourself up for location exposure. Yes, including that fitness tracker you bought to complement your New Year’s resolution. By design default, all mobile devices share and store device geolocation.
For mobile devices to work, they inherently require cellular networks and providers, and these cellular providers receive real-time location information for a mobile device each time it connects to a network.
This important chunk of information was recently released by the National Security Agency in its Limiting Location Data Exposure Cybersecurity Information Sheet, to guide mobile device users from National Security System (NSS) and Department of Defense (DoD) on how they could reduce risk associated with sharing sensitive data. While this guide is geared more toward those working on high risk missions involving covert operations, ordinary civilians like you and I can still pick up best practices from this guide.
Before getting there though, here’s a rundown on some other hard truths we need to digest about locations, trackers, and whatnot:
- Your mobile device provides geolocation data as a service to apps. Also known as location services, this is how your favourite delivery app knows where to deliver your milk tea and your grilled chicken.
- Think you’re safe when you turn off your cellular service? Think again. Even Wi-Fi and BT can be used to know a user’s location.
- The risk of getting tracked isn’t limited to mobile devices. Anything that sends and receives wireless signals has location risks pretty much similar to mobile devices. Trust me, you won’t look at a smart refrigerator the same way again.
- Your apps and social media may collect, aggregate, and transmit information that exposes your location. How else could that Facebook ad on a nearby salon show up on your feed then, reminding you of how badly you need a haircut?
8 Best Practices on Limiting Location Data Exposure
At Privacy Ninja, we always advocate for best practices on keeping your personal data safe and your cyber security healthy and in check. Hence, we’re also excited to share with you these practices on limiting location data exposure, even if you’re not dealing with any secret mission.
Whenever applicable and depending on your level of comfort and risk, here are 8 actions you can take with regard to location sensitivities as outlined by the NSA:
- Not ordering or swiping at the moment? Disable location services settings on the device.
- If not needed, disable radios when they are not actively in use.
- Apps should be given as few permissions as possible.
- Disable advertising permissions to the greatest extent possible.
- Turn off settings that allow a lost, stolen, or misplaced device to be tracked.
- Hold that convenient Google search! Minimise web-browsing on the device as much as possible, and set browser privacy/permission location settings to not allow location data storage.
- Use an anonymising VPN to help obscure location.
- No matter how convenient, minimise the amount of data with location information that is stored in the cloud, if possible.
Let’s admit it, mobile devices are as very much a part of our lives as our churned out data and identities. While we cannot put the brakes on this digital progress, we can limit its access to our personal lives, beginning with limiting location data exposure.
Outsourced Data Protection Officer – It is mandatory to appoint a Data Protection Officer. We help our clients quickly comply with their PDPA & data protection requirements.
Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.
Smart Contract Audit – Leverage our industry-leading suite of blockchain security analysis tools, combined with hands-on review from our veteran smart contract auditors.