Last week, DuckDuckGo announced that it was adding App Tracking Protection to its mobile app on Android, and the firm was nice enough to give me an invite to the beta. And from what I can tell over several days of usage, this feature works quite well. And I’m more than a bit troubled by the secret tracking activity it’s discovered—and blocked—on my phone.
Tracking protection is simple enough on the desktop, at least for web apps: just install an extension like uBlock Origin or DuckDuckGo Privacy Essentials and you’re good to go. Mobile, of course, is a bit trickier. On the iPhone, Apple added privacy controls, including mobile app anti-tracking functionality, in IOS 14.5 back in April. But we’re unlikely to see anything like that on Android. Google, after all, makes the vast majority of its revenues from advertising, and that requires them to allow tracking throughout Android.
Enter DuckDuckGo, which has found a unique solution to this problem: because Android supports the notion of a local VPN (virtual private network), the DuckDuckGo creates a fake VPN using this capability. This fake VPN doesn’t route traffic through an external server, like a real VPN does. Instead, everything happens right on your phone, and because it can run in the background perpetually, you should be protected from app-based tracking.
And my God. Is there a lot of app-based tracking in Android. Even more than I had imagined possible.
Over the past 3-4 days alone, 17 of the apps on my phone have made over 5,000 tracking attempts. Some of the apps, like the Bose Music app, are apps I have never even used since installing them, or apps I’ve only used very rarely. Some of them are from legit heavy hitters like The New York Times app or Fitbit, which is ironic since I use that app with a wearable fitness tracker.
Today alone, Fitbit has tried to track me (non-fitness-related) 85 times. The Washington Post? 22 times. United, an app I’ve not even signed into yet, has tracked me 12 times. Zillow, which I’ve never used, 35 times. The Bose Music app, 73 times. On and on it goes.
You can select any app entry to see which trackers they’re using. Dunkin’, for example, uses Verizon Media (24 attempts), Apptentive (17), New Relic (6), and, naturally, Google (2). Fitbit, meanwhile, only uses one tracker, Optimizely, but it tried to track me 115 times. What you can’t do is tap on one of these entries to see what types of things they track, which might be interesting. I Googled a few of these companies because I was curious.
If you do find an app that’s not working correctly and suspect it might be caused by DuckDuckGo, you can disable tracking for just that one app. Oddly, you can’t do that by selecting the app in a list. Instead, you must navigate to Manage Protection for Your Apps and deselect the app in that list.
One final note about the UX: because DuckDuckGo uses that local VPN capability, you’ll see a persistent VPN icon in the status bar at the top (it looks like a key). And DuckDuckGo, like a few of my other apps (like Fitbit) uses a silent notification, which also puts an icon in the status bar, this time on the left. It’s handy to have while you’re monitoring how App Tracking Protection works, but I don’t like superfluous icons in my status bar. The solution is to disable silent notifications in the status bar in Settings, or to just disable that one notification icon.
Implementation aside, DuckDuckGo takes a starkly different approach to anti-tracking than does Apple. With an iPhone, you will be prompted the first time that any app tries to track you. But with DuckDuckGo, tracking is disabled by default for all apps. I prefer that approach, but because this technology is new and it’s possible that anti-tracking could impair the functionality of certain apps. During the beta, you’re advised to look out for issues, and as noted, you can of course disable anti-tracking for apps as needed. I like it.
Tagged with DuckDuckGo