I’ve talked about the danger of “free” apps before.

In short, while there are free apps that are great (primarily open-source software), most free apps are only free because the monetize their users in non-obvious ways.

Often times this means having an ad platform (or multiple ad platforms) integrated into the app. Often times the ad platforms that pay out the most (and are the most appealing for a developer trying to make money from a free app) have the most sketchy practices.

It seems like Gravy Analytics may have been one of the more sketchy ones. Late last year the FTC released an order prohibiting them (and Mobilewalla) from “collecting, using, and selling ‘sensitive’ location data of Americans”.

An unfortunate update to this story, reported just a few days ago by the Verge (and others):

Last week, major location data broker Gravy Analytics disclosed a data breach that may have resulted in the theft of precise location data for millions of people, reports TechCrunch. That appears to include data from popular mobile games like Candy Crush, as well as dating apps, pregnancy tracking apps, and more, as 404 Media wrote on Thursday, following up its report of the breach two days earlier.

While it’s great that the American government (sometimes) creates and enforces rules to protect profiting from excess data collection, the real crime is that companies (and platforms) allow this kind of data collection in the first place.

The solution: pay for (quality) apps, and if your on iOS, make sure and look at an app’s Privacy Nutrition Label in the App Store. If you’re on Android, you’ve got a tougher job, since although the Play Store does have Data Safety labels, they don’t always tell the truth.