Author: Tom Kemp
Published: Sep 02, 2025
Just like websites can track you, mobile apps can also allow app developers to monitor your online activity and collect your personal information. From there, companies may sell or share this data with data brokers or other third parties. This month’s blog post will explain how mobile apps can gather and use your personal data, and how to limit this from happening.
How and Why Mobile Apps Track You Online
Mobile apps track your activity differently than websites do — websites often use cookies to monitor your behavior online. Instead of cookies, apps rely on a mobile advertising ID (MAID), which is uniquely assigned to each device. On Apple iOS devices (such as the iPhone), they are called Identifiers for Advertisers (IDFA), and on Android, they are called Google Advertising ID (GAID). Mobile apps can send a device’s precise location data (along with other personal information) to back-end servers on the internet that mobile app developers operate. Mobile app developers pair the information with your MAID and may sell or share this personal data with third parties.
In some cases, mobile app developers may even embed third-party software development kits (SDK) directly into their apps. SDKs — used to facilitate in-app advertising — transmit your data to multiple parties simultaneously while you use an app. If you grant permissions to the app — such as access to your camera or location — then any third-party code embedded in the app receives those same permissions. Notably, the Federal Trade Commission has found abuses by mobile app developers in the sale and sharing of geolocation data and healthcare-related data.
How to Limit Mobile App Tracking
If all of this seems daunting, don’t despair! The CPPA is here to help you protect your mobile privacy. Follow the steps below to limit the ability for businesses to track you via mobile apps.
Disable Ad ID tracking on iOS and Android
Mobile devices have settings that give you more control over whether ads are targeted at you based on your browsing activity or app usage. For example, you can reset or delete your MAID by opening the privacy settings on your phone and selecting “advertising.” You can also turn off “ad personalization” to stop ad targeting based on your past activity.
Civil society groups, such as Consumer Reports and the Electronic Frontier Foundation, as well as industry advertising groups such as the Network Advertising Initiative (NAI), provide step-by-step guides on how to disable ad ID tracking on your mobile devices.
Limit which apps can access your location data, contacts, or photos
Using the privacy settings on your phone, you can access your location settings and disable apps that may have been granted location privileges, which they may be using to sell your precise geolocation data to data brokers.
In addition to location, some apps may request access to information on your device, such as your contacts or photos. Check your smartphone’s privacy settings to see what data they can access. Consider disabling unnecessary permissions or removing apps that ask for more access than they need to work.
Block third-party SDKs from transmitting in-app data
Apple offers a feature called App Tracking Transparency (ATT) built into its iOS mobile operating system, which prompts users to decide if they want to allow third-party app tracking performed by SDKs embedded within each app. Google’s Android does not include a native ATT equivalent to block third-party trackers; however, third-party apps are available on Android to provide app tracking protection. Read reviews to learn about the features and select the app tracking protection that best suits your needs.
Stay in Control
Protecting your privacy on mobile apps does not have to be complicated. The simple changes above can make a big difference. Continue to visit Privacy.ca.gov for more resources to protect your privacy.