I’ve often written here about how companies exploit our tendency to accept lax security defaults. People don’t have time to read thousands of pages of terms of service or bother to ask why a mobile game needs to know their ID and location. (It’s usually to sell your info to advertisers.) And once you’ve given permission on installation there is little to be done to monitor their activities – assuming they even play by the rules.