If you have a smartphone, it probably is a significant part of your life, storing appointments and destinations as well as being central to your communications with friends, loved ones and co-workers. Research and investigative reporting continue to reveal the degree to which your smartphone is aware of what you’re up to and where you are – and how much of that information is shared with companies that want to track your every move, hoping to better target you with advertising.

Several scholars at U.S. universities have written for The Conversation about how these technologies work, and the privacy problems they raise.

1. Most apps give away personal data

A study based at the University of California, Berkeley found that 7 in 10 apps shared personal data, like location and what apps a person uses, with companies that exist to track users online and in the physical world, digital privacy scholars Narseo Vallina-Rodriguezand Srikanth Sundaresan write. Fifteen percent of the apps the study examined sent that data to five or more tracking websites.

In addition, 1 in 4 trackers received “at least one unique device identifier, such as the phone number … [which] are crucial for online tracking services because they can connect different types of personal data provided by different apps to a single person or device.”

2. Turning off tracking doesn’t always work

Even people who tell their phones and apps not to track their activity are vulnerable. Northeastern University computer scientist Guevara Noubir found that “a phone can listen in on a user’s finger typing to discover a secret password – and […] simply carrying a phone in your pocket can tell data companies where you are and where you’re going.”

3. Your profile is worth money

All of this information on who you are, where you are and what you’re doing gets assembled into enormously detailed digital profiles, which get turned into money, Wayne State University law professor Jonathan Weinberg explains: “By combining online and offline data, Facebook can charge premium rates to an advertiser who wants to target, say, people in Idaho who are in long-distance relationships and are thinking about buying a minivan. (There are 3,100 of them in Facebook’s database.)”

4. Rules and laws don’t exist – in the US

Right now in the U.S., there’s not much regulatory oversight making sure digital apps and services protect people’s privacy and the privacy of their data. “Federal laws protect medical information, financial data and education-related records,” writes University of Michigan privacy scholar Florian Schaub, before noting that “Online services and apps are barely regulated, though they must protect children, limit unsolicited email marketing and tell the public what they do with data they collect.”

European rules are more comprehensive, but the problem remains that people’s digital companions collect and share large amounts of information about their real-world lives.