Tim Hortons Illegally Collected Location Data, Promises it Won’t Happen Again

Tim Hortons Illegally Collected Location Data, Promises it Won’t Happen Again

Mobile apps can be convenient, which is why there are millions of them available for both Android and iOS. It’s common for some apps to request location access, but they can abuse the permission. Such was the case with the official app for Canadian coffee chain Tim Hortons. Canadian investigators have determined that the company misled its customers and collected a huge volume of location data that revealed where people went, even when they weren’t using the app, according to Ars Technica.

According to the Office of the Privacy Commissioner, Tim Hortons originally intended to use its mobile app for targeted ads and promotions, which would rely on location data. It scrapped those plans, but the app was still recording customer movements. The app would ping the user’s location whenever they got near a Tim Hortons location, their home, work, or a sports venue. It used that data for market research, revealing when people switched to different chains and how they changed their behaviors during the pandemic.

A report in 2020 tipped government regulators to the scheme. In fairness to Hortons, once it was pointed out that maybe it was a bad idea to track all its customers all the time, it updated the Android and iOS apps to remove background tracking. The Office of the Privacy Commissioner also noted that the company’s agreements with third-party data brokers could allow anonymized data to be re-identified.

The outcome of the investigation is probably not what privacy advocates wanted. While Time Horton’s has agreed to delete all the location data it collected and direct third-party service providers to do the same, it won’t face any additional punishment or fines. Regulators say the issue is now “conditionally resolved,” pending follow ups from Tim Hortons to prove it has complied with the law.

Tim Hortons Illegally Collected Location Data, Promises it Won’t Happen Again

Apps running on your phone have access to much more personal data than, for example, a mobile webpage would. That’s why everyone seems to want you to install their app. Without any punitive measures, companies have no incentive to be courteous with your privacy. The good news is that it’s harder for another app to pull the same stunt as Tim Hortons. Both iOS and Android now detect when an app has been using your location in the background and will give you the chance to disable it. You can avoid the problem entirely by only granting location access to apps you trust.

Continue reading

Which Is Faster, the Xbox Series X or PlayStation 5? Early Data Says It’s Complicated
Which Is Faster, the Xbox Series X or PlayStation 5? Early Data Says It’s Complicated

Competitive head-to-head data on the Xbox Series X versus the PlayStation 5 is beginning to trickle out.

Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities
Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities

Unlike the last few zero-days, Google didn't find these security holes itself. Instead, it was tipped by anonymous third-parties, and the problems are severe enough that it hasn't released full details. Suffice it to say, you should stop putting off that update.

How Apple Is Collecting Your Data in macOS Big Sur
How Apple Is Collecting Your Data in macOS Big Sur

Apple's new Big Sur has been accused of some serious privacy violations and unfriendly user-access controls. The situation is a bit more nuanced.

Google Uncovers iPhone Exploit That Can Steal Data Over Wi-Fi
Google Uncovers iPhone Exploit That Can Steal Data Over Wi-Fi

According to Ian Beer of Google's Project Zero security team, the flaw allowed him to steal photos from any iPhone just by pointing a Wi-Fi antenna at it.