Information Leakage From Cell Phone Apps

Posted 20 Jun 2011

Mobile phone apps can collect a lot of private, personal information and share it with others. Most people don't even know this information leakage is happening. You need to know what information is gathered, how it is gathered and who can get it to protect yourself from disclosing too much personal info through your smartphone.

Data Collected

There are lots of types of data that can be collected. They fall into a few broad categories.

Account Info – Many apps ask you to create a user profile to use an app. For example, Facebook requires you to use your user name and password to log into your account from your phone.

Others might simply ask you to create an account to use the app. Since so many people reuse the same usernames and passwords, sharing this information could compromise other accounts.

Contacts – Some apps access, transmit and share your entire contact list. If any A-list celebrity has the unlisted information of other A-listers, there could be a serious breach of privacy if that contact list is shared.

Demographics – Your age, gender, income, etc. can be gathered by some apps. Although demographics without a name sounds very anonymous, it does not take much statistical analysis to make much of that data uniquely identifying.

For example, the US census gathers similar demographic information, and over 90% of anonymous respondents can be uniquely identified by analyzing their individual responses and comparing them to other publicly available stats.

There is less information shared in the census than many of the apps collect. So it is likely that app data can be used to identify an overwhelming majority of the users, even if there is no name associated with it.
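The effect described above can be measured on any table of nameless records by counting how many rows are the only one with their combination of values. The following is an added example, not part of the original article: the rows, field names and income bands are constructed for illustration, and it does not reproduce the census figure.

```python
from collections import Counter
from itertools import combinations

FIELDS = ("age", "gender", "zip", "income")

# Constructed sample: rows an app might log per user, with no name attached.
RECORDS = [
    (34, "F", "10001", "50-75k"), (34, "M", "10001", "50-75k"),
    (34, "F", "10002", "50-75k"), (29, "M", "10001", "25-50k"),
    (29, "M", "10001", "50-75k"), (29, "F", "10002", "25-50k"),
    (41, "F", "10001", "75-100k"), (41, "M", "10002", "75-100k"),
    (41, "M", "10002", "25-50k"), (34, "F", "10001", "50-75k"),
]

def group_sizes(records, columns):
    """Count how many records share each combination of values in `columns`."""
    idx = [FIELDS.index(c) for c in columns]
    return Counter(tuple(r[i] for i in idx) for r in records)

def unique_fraction(records, columns):
    """Share of records that are the only one with their values in `columns`."""
    sizes = group_sizes(records, columns)
    return sum(1 for n in sizes.values() if n == 1) / len(records)

def smallest_group(records, columns):
    """The k of k-anonymity: size of the smallest group of matching records."""
    return min(group_sizes(records, columns).values())

def riskiest_combinations(records, width):
    """Rank every `width`-field combination by unique fraction, highest first."""
    scored = [(unique_fraction(records, c), c) for c in combinations(FIELDS, width)]
    return sorted(scored, reverse=True)

if __name__ == "__main__":
    # Each added field splits the groups further, so more rows end up alone.
    for cols in (("age",), ("age", "gender"), ("age", "gender", "zip"), FIELDS):
        print(cols, unique_fraction(RECORDS, cols), smallest_group(RECORDS, cols))
    print(riskiest_combinations(RECORDS, 2)[0])
```

A row that is alone in its group can be tied to a person by anyone who knows those same few facts about them from another source.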

Location – Apps that access location might be able to find the location based on GPS coordinates, triangulation with the cell phone towers, the city, zip code, or by using the IP address the phone uses to surf the internet.

They all have differing levels of accuracy. At the very least someone with access to those stats can tell where you are in the world at a particular time, and might even be able to tell who you are with.

Phone ID – The phone ID is like the serial number of the phone, which is tied directly to the user. That unique identifier can lead to lots of other personal information.

Number – Some apps even collect your phone number. If you want to have an unlisted phone number, you have to prevent sharing this detail.

How Information Leakage Through Apps Occurs

A smartphone is basically a computer that fits in your pocket. Apps are programs that are downloaded onto a smartphone. Those apps can be programmed to access a lot of the data on the phone or to keep track of what the phone is doing (websites visited, text messages, phone calls, etc.).

Each app is programmed differently, and if the programmer decides to collect some piece of data, the app can collect it. Most people are unaware of the amount of information leakage their apps create.

Who Has Access To This Data

Developers – The person or group that develops the software might collect this info for themselves. Most apps that collect any data at all probably permit the developer to have access.

Third Parties – Many apps also transmit data directly to third parties, such as marketers.

Both developers and third parties that get data from your phone can do almost anything they want with it. They can sell it to other companies, share it with government or law enforcement, or just sell it to any willing buyer.

How Data Is Used

How much gets shared is usually limited by the user agreement, which should be disclosed to app users. In reality, these agreements are extremely broad and let developers and third parties do whatever they want with the information their app leaks.

Sometimes giving an app access to sensitive personal stuff can be helpful. A maps application that gives you directions based on your GPS location can be very helpful, especially when you are visiting a new, exotic city on a regular basis. Other apps could also provide helpful functions if given access to some sensitive, personal data.

Other times, there seems to be no functional reason why an app needs the data it is trying to access other than to gather data for marketing or other purposes. Angry Birds would work just as well if it didn't collect your contacts and location information. The app developer would have less data to sell though.

Reduce Information Leakage

Before downloading an app and creating an information leak, research it to see what data the app can access. Don't just download something because everybody is doing it. A lot of people have shared their contact list by downloading Angry Birds, but you do not have to join them.

Check the data that an app can access when you download it. Apps usually disclose this information when you try to download them. If an app needs more than you are willing to share, find another app.

Check the apps you already have on your phone to make sure you aren't already broadcasting your life to strangers.

Conclusion

Smartphones are a handy tool to have. They can also expose a lot of your sensitive data if you aren't careful. Use good judgment when using applications that might be disclosing your information. You might even use a prepaid smartphone to reduce the risk you have of disclosing data. There are lots of other great tips on how to protect your personal data on smartphones in the book How To Vanish.