The (Canadian) Financial Post has a truly horrifying story about out-of-control tracking by the chain coffee shop Tim Hortons. James McLeod uses the Tim Hortons ordering app on his Android phone so he could order his “morning medium coffee with two cream plus a toasted everything bagel with herb and garlic cream cheese.” The app, of course, wanted access to his location data, ostensibly to locate the closest store.
Then one day his Android OS was updated and he got a notification that Tim Hortons had obtained his location in the background. He wasn’t using the app at the time and didn’t understand why it would be accessing his location data. Under Canadian law he was entitled to a copy of the data Tim Hortons was collecting so he requested it.
The result was shocking. Tim Hortons—or, rather, their parent company Restaurant Brands International (RBI)—had a very granular record or his movements. They knew when he left home, when he was at work, when and where he took an out-of-country vacation, when he went to a ball game, and when he visited Tim Hortons’ competitors. They also knew when he visited his girlfriend. RBI was unapologetic saying, in effect, that it was up to the users to set their phone access parameters to whatever level they desired. Of course, at the time he installed the app, Android’s choice was binary: allow access to location data or not.
I can’t begin to capture the full outrageousness of RBI’s actions so you really should read the full article. I should also mention that Burger King and Popeyes are also RBI companies with their own apps so if you’re an American you shouldn’t be smug. If you’re using an app from one of these companies you should be aware that your movements may be being tracked in disturbing detail.