I assume every app that has location permission does this. I can't imagine google doesn't, or the phone company. I don't think it's right (and even less right that apparently google will provide this information to law enforcement). I just think the only practical thing to do is assume you are being tracked and don't install apps unless you're ok with the tradeoff.
The flip side of this, is why would I ever install a Tim Hortons app, why do I think they are offering an app, and what possible meaningful benefit (even assuming I went there regularly) would I drive from having an app?
I have the app and it's surprisingly useful, mostly because Tim Hortons can have pretty long, slow lines. I'll usually place my order when I'm a few minutes away so that I can simply grab my order and walk out.
It can also be helpful if you show up and there's a long lineup. Mobile orders get pushed to the front of the line, so instead of waiting in line you can place a mobile order and go grab it right away. I feel a bit guilty doing that though.
My anecdote is that once I was traveling on the 401 and stopped at an ONroute to grab a coffee. The line was extremely long and not moving at all, I had time to download the app, register, place an order, see it print out at the register and someone took it an made my coffee before the line even moved. I just quit the line, moved to the empty section where the mobile orders are and picked up the coffee as I was deleting the app.
> Mobile orders get pushed to the front of the line, so instead of waiting in line you can place a mobile order and go grab it right away.
Interesting, so customers pay for queue priority with their location data. Except the problem is it's not a fully consentual agreement, customers aren't explicitly aware of the arrangement.
My apathetic side says we're entering a world where it's so inconvenient to have privacy that we'll probably not bother.
It's always weird though on iOS; many times I've selected "Only while using the app" and then a day or two later I get a pop up that "{app} has used your location data 53 times in the last 24 hours" which never makes sense considering I never opened the app.
Is the prompt about the app requesting your permission using the API designed for that?
And is the counter about the app making background data requests? Any network request can be used to infer permissions from your IP address?
That IP addresses can be mapped to physical locations is unfortunate but usually the precision is bad (eg enough to know what town you're in, but not where in the town)
It isn't really an app though, it's one of those half arsed SPA in an webview that CONSTANTLY updates the large JS payload whenever you open it. Agree about the line bypass feature.. Tims can be insanely slow at rush hours.
They also switched Roll Up the rim to REQUIRE the app if you want to roll (2? 3 years ago?) - I hope a successful lawsuit comes out of that given this privacy ruling.. a lot of people were forced to install the app just so they could collect an occasional free coffee/doughnut. If they did that last minute at the counter they wouldn't even have read the permissions (a similar argument to that which renders many EULA invalid in Canada).
I used to go there a ton and I wanted to see if there were any good deals, see if my go-to was in stock, accumulate rewards, and check hours if I went to a new store. The app theoretically provides the "best" experience as well -- I've yet to see a mobile website recently for something I use day-to-day that isn't trying to push me towards the mobile app, or was clearly never tested on a real device. (Obviously, that's the ideal, but such is the state of things.)
The website didn't really suffice because the UX was bad, and wrestling with it got tiring. Apple+Google's hours were never quite correct.
In retrospect you probably feel pretty silly for falling for such a stupid ploy to rape your privacy just so you can save a nickel on a donut. I know Canada's in a food crisis but is it worth your soul?
I strongly disagree with the way people just throw up their hands and accept defeat. It is possible to have privacy on the Internet. Projects like Tor, I2P, and Nym are working to make this a reality. Fight back against the surveillance capitalist dystopia. Normalize privacy.
Android too. On later versions of Android, background location access isn't even option unless the app explicitly requests it, and even then the user has to manually go into settings and enable it (the app can't trigger a prompt).
This is why I install so few apps. Yes granular permissions are a thing, but I always ask myself am I okay with this app potentially getting my data even if I saw no thanks to some yet-unknown side channel attack? Google apps are whatever because obviously they already have my data since I'm on Android.
Yes, I am waiting patiently for the backlash against everyone and their brother "needing" you to install an app. Every device you buy, every new service you sign up for, they all want you to install an app that easily could have been a web page. My phone contains none of this (ok, I have 6 apps that I consider essential and they all have permissions as restrictive as possible, and I honestly even feel a little dirty with a few of those). My old phone, which spends 99% of its life in a drawer in airplane mode, is riddled with trash apps like my Asus router setup app and any app that is forced down my throat by a product that I want to use and can't be properly set up without installing an app. Loyalty program app? Not a chance. I have no idea what group of clowns wrote that thing, but one thing I do know is that it was outsourced most of the time.
I look forward to the day when we've reverted back to simple web-based interfaces and most of the general public says "install an app? yeah, right" because they've learned not to trust that shit.
Yup completely agreed. Restaurant chains badly wanting everyone to install apps is one that really annoys me. Mind you the general hunger for data even beyond mobile bugs me. I went and bought shoes a few weeks ago and they needed my email address as that was how I would get my receipt. So of course now they keep sending me all their sales bullshit. It is all incredibly frustrating and stupid.
For what it's worth, the email address for receipt thing is not always a marketing scam. Home Depot asks if you want a receipt emailed to you, and they have never sent marketing emails. Furthermore, they link the email address with the card you used to pay, so the next time you buy something it auto-fills the email address field. If it's a one-off purchase it's not worth it, but if you buy stuff there all the time (often expensive stuff that might need to be returned), having emailed receipts is great.
Same, also on Android. I have maybe half a dozen apps installed that did not come with my phone. Most of the apps that did come with my phone I have removed or disabled.
I also keep location turned off unless I am actively navigating in Google Maps. I know that doesn't eliminate all tracking but it's an easy thing to do.
On the flip side, people install the app because they usually are how the rewards programs are implemented now.
From the app page:
Mobile Order & Pay
Select and customize your favourite food and drinks, choose your preferred Tim Hortons location, and pay from the app. It’s now that easy to order your favourite Tim Hortons items from your phone.
Personalized Menu
Add recently ordered items with one tap. Customized orders are saved on your menu so you can get your order just the way you like it.
Tims® Rewards
After just seven eligible purchases, receive your choice of a FREE coffee, tea or baked good. Keep checking for more special offers to come. It’s time to reward your routine!
Scan for Tims® Rewards
A digital version of your loyalty card that you can scan easily when ordering in the restaurant – never miss an opportunity to earn rewards.
Scan to Pay
Save time and pay for your order right from the app -- no need to carry cash or a credit card!
Take Out, Dine In or Drive Thru
Choose your pick-up method. Payment is completed in-app, so you can grab your order to go, or dine in with us. Your choice.
I must be an outlier. On the remote ordering side, I feel like inevitably it won't work out and will end up taking as much time as just ordering - but I do see the the appeal if it works well enough that it doesn't leave me pissed off once a week because they gave away my order or something.
For the rest of it, it's just a meaningless distraction to me. I have enough going on without caring about tracking coffee rewards, or managing yet another payment method. I just don't find they make my life easier, and they take time and focus, plus nudge me to buy stuff I don't need or load money onto cards or whatever. I have frequent flyer memberships for the perks, but otherwise I've always found loyalty cards to be a gimmick, even more so when they want me to install a data harvesting app.
They have frequent heavy discounts on certain items. I often eat there anyway, and almost half price for a meal at least once a week is a good deal. (I know, I know, spending money on cafes is a "waste of money", I can already hear you say it. For me it's not, trust me.) Plus, a free XL coffee/tea every 7 purchases if you're a regular customer is a no-brainer.
(You can deny the Location permission prompt if that bothers you. You don't even need the app to collect points, just register once and delete it, but you do need to manually "activate" offers that are then linked to your card.)
This is the reason I've been so frustrated with working with bluetooth devices on Android. Android places all bluetooth usage under Location permissions, and if you need talk to bluetooth devices in the background, users have to manually consent to background location tracking, even though that's not what we want to actually do.
Unless I'm misunderstanding you, none of this is true for the Android devices I've owned. Vendor specific perhaps? Devious way to do it. Doesn't Apple suffer with the same problem (location+bluetooth tied?)
That article says that from Android 6-12 if an app wanted to scan for bluetooth it ALSO had to require the location permission. Not that BT had hidden location information. As of Android 12 apps could bluetooth scan without requesting/enabling location.
That's what the person you're replying to said as well. In order to use Bluetooth, their app had to request a location permission from the user. If they wrote an app targeting a version of Android before that range, the permission would be requested for them even if their code didn't explicitly request it. If they targeted a version in that range, they would have to request the permission at build time.
IIANM, this is only when _scanning_: as soon as you pair/bond with a device, the app can communicate with it even with the location permission switched off.
I don't see why Google would sell your location data to others. Store your location data? Absolutely. Use your location data? Absolutely. Target ads to you based on your location data? Absolutely.
Sell it to others, though? No way. Why would they give away their valuable advantage? It's very much in their interest to stop anybody else from getting that information, and I trust them to be self-interested.
https://policies.google.com/privacy is pretty comprehensive, and details pretty much everything about what Google does with various types of information.
>The flip side of this, is why would I ever install a Tim Hortons app, why do I think they are offering an app, and what possible meaningful benefit (even assuming I went there regularly) would I drive from having an app?
All of the fast food restaurants now offer "deals" and/or points only available through the app. Tims popular game "Roll up the Rim to Win" used to be printed on the cups, and is now only available through the app.
I wouldn't install them anyways, but lots of people have no idea how compromising these applications are to their privacy, and wouldn't infer the amount of information collected even if they read the privacy policy.
These sorts of spying applications should just be banned.
Nothing will change due to this investigation, and I doubt Tims will be fined any amount that would actually stop them from doing it, and no one will go to jail.
Discounts, freebees, coupons, loyalty club benefits and other financial incentives, usually. Pretty much the only reason you want it, because all these kinds of things usually do otherwise is nag you that you're near one of their locations.
But that's like not native and so unhip. I'm convinced the whole push to get away from mobile web to native app is solely for the personal data hovering for the vast majority of apps.
For example, a friend just downloaded the Wayfair app. Why is that necessary? She saved a couple of items, and now the app relentlessly notifies her about things even with notfications off. Doesn't happen with a mobile website.
One of my deepest worries about the field of software engineering is what happens when people in general stop responding to ads or irritating demands to engage. Suddenly, the demand for software becomes much smaller than it is today.
I'm never happy about people no longer having jobs, but there's an entire swath of the industry specializing in building crap apps/sites specifically to 'all your data now belong to us' that could just go away and make the planet a better place. That's one of the rare occassions that I actually agree with that lame SV phrase.
You can't win either way. Push for web apps and the necessary capabilities in the browser to make rich web apps and you get hit with "but browser fingerprinting!" malarkey from the privacy fetishists.
That's a simple thing to just not do and is a lame excuse.
If you're doing browser fingerprinting and get called out for it, you're the one full of malarkey. Building a web app does not require being shady, just as building a native app does not require one to do nefarious things. The devs* in either scenario choose to do it.
*Devs meaning whoever is behind it whether it is corpOverloards or shaddy devs, a dev somewhere obliged the overloards wishes.
The Tim Hortons app doesn't do this. I don't think it sends any notifications at all, at least I've never gotten one and I haven't disabled notifications.
That was meant as a general statement about many of this class of apps; sorry if that wasn't clear. So the TH app doesn't nag you, it just takes wildly inappropriate amounts of data that it has no legitimate business collecting. Awesome...they have that going for them.
Not just the location permission; apps have been found to scan pictures taken to build a location history out of the location metadata that is stored in pictures and such.
Practically speaking, unless you disable location tagging in pictures, any app with media access can track your coarse location history, depending on how many pictures you tend to take throughout the week.
It's their attempt at keeping up with Starbucks, who locked in the app game years ago. A better question is why would anyone go to Tim Hortons in the first place
Because it's ubiquitous and highly consistent, they have decent food and tea/coffee, it's relatively cheap and very fast, it's a great place to meet friends or work from home (away from home), and most of them are open until midnight at least, if they're not 24 hours.
I was being a bit facetious, but it is really hard to work remotely from Tims, and it doesn't really function like a cafe in the community sense. 24 hours is nice, I'll grant them that, but they fight tooth and nail to not pay their workers even 10c more per hour and strive for cheapness above all else. There's a place for that, but if the only cafe within a 20 min walk is Tims, that place would suck to live, and that's pretty often the case.
> it doesn't really function like a cafe in the community sense.
Some do, and those are the ones I frequent. At mid-day and early afternoon it is often very busy with people that hang around for half an hour or more—not just to eat, but to socialize. The amount of first dates I've witnessed (universally older people, often divorced), mothers or fathers with babies or toddlers catching up with a friend, college-aged people having openly-public heated discussions about their sex lives, old biker dudes planning their next trip and going on the wildest tangents about mystery vacations picked by lottery, primary-aged boys arriving by bike to get an iced cappuccino and hang around talking, work colleagues planning a company outing and dissing their other colleagues, etc. is incredible. Dozens and dozens of interactions that I've observed. And I haven't even mentioned the staff yet: the ones nearby me are almost always jovial and are free to discuss things among themselves, plainly audible due to the open kitchen designs, and listening to them is oddly inviting. Also, most of them don't play music, or if they do it's pretty quiet and is not distracting.
The flip side of this, is why would I ever install a Tim Hortons app, why do I think they are offering an app, and what possible meaningful benefit (even assuming I went there regularly) would I drive from having an app?