1. Android Devices Vulnerable To More Malware Attacks



  2. Privacy dangers lurk in ubiquitous data-gathering mobile apps

     


    While looking through my iPhone apps this morning, I found it disturbing that I really do not know what data all these mobile apps on my phone are collecting. We should not have to browse to a mobile app site to read their privacy policies – only to find out that we have limited choices, if any at all (if we want to use their software), in restricting the personal data that they collect.

    What is going on, according to experts, is that applications like Angry Birds and even more innocuous-seeming software, like that which turns your phone into a flashlight, defines words or delivers Bible quotes, are also collecting personal information, usually the user’s location and sex and the unique identification number of a smartphone. But in some cases, they cull information from contact lists and pictures from photo libraries. –NYT

    Mobile apps are still in Wild Wild West mode, where privacy invasion has become a runaway train. With more than 1 million mobile apps available to download, many of them free, what does “free” actually cost you? Maybe you inadvertently allowed the app to collect your email address for marketing purposes, or gave it access to your contact list. If an app does not have settings to control your privacy or to control access to your contacts or other personal data – don’t use that app!


    The Federal Trade Commission (FTC) recently published a guide for mobile developers, Marketing your Mobile App: Get it Right From the Start - encouraging developers to understand and utilize advertising and privacy rules prior to creating a mobile app. Unfortunately, there are way too many app developers who do not respect user privacy.

    The publication follows agency actions against two mobile app developers regarding information collection and product claims. In one such agency action, an app developer paid $50,000 to settle FTC charges that it failed to require parental notice and consent before collecting and disclosing children’s personal information. A second developer settled with the Commission after claiming without proper substantiation that its mobile app treated acne. Advertising claims and privacy issues both have special importance for digital health and mobile health developers because of heightened advertising and privacy concerns for products that make health or safety claims or collect medical information. –JDSupra | Legal News

    Privacy dangers lurk in ubiquitous data-gathering mobile apps and the more knowledge that we gain in this area – the better informed we become in making wise app choices.


  3. Are Your Children Playing Junk Food Mobile App Games?

     


    The Wall Street Journal recently reported that U.S. food companies are reaching children by embedding their products in mobile game apps. I downloaded a few games this morning and was not impressed.


    It is too easy for a child to click a mobile ad; the “x” (to close the ad) is minimal, while the ad itself is splashed across the screen. If you were a young child, would you click on the small x or the over-sized graphic?

    My App Review: The SuperPretzel Factory by Sunstorm Interactive may be entertaining for a young child – the child presses different mixer buttons as she/he attempts to fill as many pans with dough as possible before the timer runs out. Most likely they will get frustrated when they make it to level four, only to find a broken cart that will not move to catch the falling pretzels. If you look at this particular game app from an adult perspective – the game consists of approximately 95 percent locked areas and advertising.


    The food-industry games generally have rudimentary graphics and objectives simple enough for small children to understand. They have raised debate over who should be responsible for their impact on children—parents or the government. –The Wall Street Journal

    Childhood Obesity

    Nearly one in five U.S. kids between the ages of 2-19 are overweight. Parents play a crucial role in the prevention of childhood obesity. Teaching children how to select healthy food options begins in the home. Digital technology games can detract from healthy lifestyle choices by luring the child to concentrate on junk food.

    “We know that when children are engaged, they learn, so when mobile apps are fun, entertaining and developmentally appropriate, they can be powerful educational tools.” Lesli Rotenberg, Senior Vice President, Children’s Media, PBS.

    A Note to Parents 


    Be aware of how your child is interacting with games on mobile devices. Children rely upon you to provide appropriate stepping stones as they meander through a digital world filled with advertising.


  4. What are mobile apps doing behind our backs?


    The typical user has very little control over security and privacy settings of mobile devices. Many users are drawn to jailbreaking their devices so that they can manipulate tightly restricted and locked-down mobile operating systems. This comes at the cost of voiding device warranties.

    One US company, Flurry Analytics, tracks 1.4 billion app sessions a day from more than 600 million smartphones and tablets. It offers more than 70,000 companies the chance to “identify your best segments by demographics, interest, geography, usage and more”.

    US-based researcher and consultant Ashkan Soltani said people are most valuable to advertisers when they have a baby, a house or a spouse. –SMH


    I recently signed up to beta test a new privacy tool, Mobilescope [a limited beta], and am currently awaiting the invite. The idea behind Mobilescope is to monitor your mobile apps and what they do behind your back. According to GCN, Mobilescope will tell you what type of data leaves your phone and which apps are responsible for the traffic.

    MobileScope looks like a great tool for monitoring and controlling what information third parties get from your smart phone apps:

    We built MobileScope as a proof-of-concept tool that automates much of what we were doing manually; monitoring mobile devices for surprising traffic and highlighting potentially privacy-revealing flows. –Schneier on Security


    Remember earlier this year when Path apologized for uploading users’ entire iPhone address books without user permission? With a tool like Mobilescope, we would quickly become aware of what mobile apps are doing behind our backs.

     


  5. 10 Ways To Beef Up iPhone Security


    I’m a coffee shop connoisseur; the most frequent mistake I see with fellow java-lovers is the ease with which they leave their iPhones or iPads lying on the table when they go to retrieve their order. My iPhone is like a third hand when I am in a public space; I never let it out of my sight.


    When I am in the city (or a high crime rate area), all my devices are carefully concealed. I never give criminals an open invitation to mug me. My Jeep never announces that any semblance of technology exists within.

    The lucrative secondhand market for today’s niftiest handsets has produced an explosion in “Apple picking” by thieves. A used iPad or iPhone can fetch more than $400. –ROLFE WINKLER | The Wall Street Journal

    After pressure from Congress, regulators and police departments, the FCC and four major US carriers (AT&T, Sprint, T-Mobile & Verizon) have agreed to form a national joint blacklist database so that stolen devices will not be able to obtain new service. This service should be available sometime in October 2012.


    Verizon currently does not allow devices that are stolen to be operated on their network. Sprint cuts off phones that have been reported as stolen and T-Mobile suspends accounts that report stolen phones. AT&T was slow to jump on the bandwagon – but was pleased to join the blacklist initiative.

    iCrime


    There is a certain mindset that dances to the tune “This could never happen to me!” Get over it already because iCrime could easily happen to you. Gadget theft is big business. My daughter recently experienced the bitter reality of iPhone theft when Siri danced away from a neighborhood BBQ in the arms of a stranger. She was devastated. I couldn’t say “I told you so,” because sometimes people think that the world is made up of entirely nice people.

    How can you beef up your security?


    Within one hour, Mat Honan of Wired lost his entire digital life to hackers – why? Through the use of social engineering tactics, hackers tricked Apple service reps into granting access to Mat’s iCloud account. Unfortunately, two of his online accounts were daisy-chained – enabling the hackers to gain access to his Gmail and Twitter accounts. It was a difficult and extremely harsh lesson for Mat to learn and many of us on Twitter sympathized with his pain.

    I should have been regularly backing up my MacBook. Because I wasn’t doing that, if all the photos from the first year and a half of my daughter’s life are ultimately lost, I will have only myself to blame. I shouldn’t have daisy-chained two such vital accounts — my Google and my iCloud account — together. I shouldn’t have used the same e-mail prefix across multiple accounts — mhonan@gmail.com, mhonan@me.com, and mhonan@wired.com. And I should have had a recovery address that’s only used for recovery without being tied to core services. –Mat Honan | Wired

    Learn from Mat.

    Security comes with a price


    You are going to have to make a choice between security and convenience. I have learned that inconvenience is one giant step toward fighting iCrime. Backing up data, using complex passwords and disabling services that could open the door to stolen devices are all mandatory if you want to be proactive rather than reactive.

    I never want to place myself (or my devices) in a “reactive” position! I am the type of person that often plans ahead for security disasters. It is the same reason that I use digital surveillance (to upload real-time office images to a remote server) – I take the necessary time to configure and manage my digital assets in order to make life miserable for a potential thief or hacker.

     The Top Ten

    1- Back up your iPhone and check the option to encrypt data. You won’t know how much you miss until your iPhone becomes wiped or stolen…

    The simplicity of iPhone is that all you have to do is connect your iPhone to iTunes and let it do its magic. I use a Windows laptop to back up to the cloud and a Mac to back up locally. I don’t take any chances that either the cloud or the local backup is going to screw me over. Be paranoid – it’s worth it.

    2- Use a complex password and set auto-lock on. Strong passwords are still key…


    Strong passwords are the first roadblock against thieves and hackers. Don’t bother using a “simple passcode” (4-digit numeric). Though there are 10,000 possible combinations for a simple passcode, the complex password offers the strength of 77 to the 37th power.

    How do I do it? Navigate to your Home Menu > General > Passcode Lock On > [enter your 4-digit passcode]  Select Turn Passcode off > [enter your 4-digit passcode] Enter Your New Passcode > Click on  Next > [Re-enter your new passcode] and click on DONE.


    Also, be sure to Set Auto-Lock to ON: Settings > General > Auto-Lock > Choose 1-5 minutes. Auto-lock is not a strong security function by itself, but when combined with a strong password – it becomes part of a strong security feature.


    3- Enable Erase all data on this iPhone after 10 failed passcode attempts. Go to Settings > Passcode Lock > Enter Your Passcode > Click on Done > Erase Data = ON > Enable

    If someone steals your iPhone and tries to brute-force your passcode, they will be out of luck on the tenth attempt: your phone will be wiped and returned to factory defaults.

    4- Enable Find My iPhone. You can download Find My iPhone from the App Store or access it through iCloud. You will need to enter your Apple ID and password to access it.


    5- Keep your iPhone updated at all times! Simply plug it in to iTunes or download Lookout Mobile Security from the App Store.

    6- Download apps that come from reliable sources - Such as the App Store. If your phone is jailbroken, Cydia might be the only answer.

    7- Disable Bluetooth. Only turn it on when you need it. Go to Settings > General > Bluetooth > Off

    8- Turn off SMS preview. This option is not critical but it can stop a thief from viewing your incoming messages!

    9- Manage location settings. Use location settings on a per-application basis only. Go to Settings > Location Services > Turn off all unnecessary apps.

    10- Secure your Internet connection. Public Wi-Fi may appear convenient but an unsecure connection can leave you vulnerable to attack. Never allow your iPhone to automatically connect to a Wi-Fi network. Go to Settings > Wi-Fi > Ask To Join Networks > OFF

    Risky behavior on potentially unsecure wifi

    67% access personal email
    63% access their social network acct
    31% shop online
    24% access their bank account


    Cocoon and its iOS app GetCocoon create a barrier between the user and the Internet, leveraging secure, SSL-encrypted connections to each Internet activity (similar to what banks use). Cocoon eliminates tracking, “man-in-the-middle” attacks, and WiFi sniffers.


  6. Mobile Malware

    Mobile device malware threats are getting ugly…

    Storified by Get Cocoon · Tue, Aug 07 2012 11:25:44

    Malware Fundamentals (kaspersky)

    Morcut can record Skype sessions, log instant messages sent from Microsoft Messenger and Adium, as well as track browser usage in Mozilla Firefox and Safari.

    New Mac Malware Hits the Scene http://midsizeinsider.com/en-us/article/new-mac-malware-hits-the-scene #malware #Mac –Get Cocoon

    There is a new version of Android malware dubbed “OpFake” that will send SMS text messages to premium numbers and is integrated with a copy of Opera’s Mini browser.

    OpFake, FakeInst Android Malware Variants Continue to Resist Detection | threatpost
    Android devices have remained a constant target of attacks over the last quarter thanks in part to new variants from the FakeInst and OpF…

    This affects all BlackBerry devices; it is so stealthy that you will never know if your phone has been infected with it.

    #Zeus comes to #Blackberry #BB #malware #Bank http://threatpost.com/en_us/blogs/zeus-comes-blackberry-080712 –Tarek Kuzbari


  7. Mobile malware is on the rise


    Malware is no longer a threat that is exclusive to desktop operating systems. The RSA 2012 CYBERCRIME TRENDS REPORT white paper stated that 2011 marked the year of new advanced threats on a global basis. In 2012, cybercriminals are finding new and innovative ways to monetize non-financial data, while hacktivism is on the rise. They predict that “InfoStealers” for the mobile platform will emerge with Trojans that are designed to “keylog touch-screen input and monitor data traffic through the mobile device.”


    The RSA Anti-Fraud Command Center (AFCC) reports that Zeus is responsible for 80% of all attacks against financial institutions and estimates global losses at over $1 billion since 2007.

    Mobile malware is rising fast, infecting nearly 13 million phones in the world during this year’s first half, up 177 percent from the same period a year ago, according to Beijing-based security vendor NetQin.

    NetQin also detected almost 3.9 million phones in China being infected with money-stealing malware that sends out text messages to trigger fee-based mobile services. The high number of infections would likely translate into the malware’s creators netting 3.9 million yuan (US$616,533) each day (+ 225 million US dollars in one year). –Michael Kan, IDG News


    The Cocoon iOS full-service mobile security and privacy app is now available at the App Store and will shield your personal information and online transactions from potential network sniffers, hacks, or other digital exposures – even in WiFi hotspots. You also have the option of blocking web tracking from online advertising, including Google and Facebook.


    Some key features to notice on the GetCocoon iOS app include:

    1-Eliminates Tracking: Cocoon encrypted browsing keeps your personal information, location, and IP address private. Websites can only see Cocoon, not your computer.
    2-History portability from device to device: Cocoon provides instant access to browsing history from the desktop, laptop, iPad, iPhone, or any other device connected to Cocoon’s free service.
    3-Mailslots: Cocoon’s disposable mailboxes help protect email from spam and phishing by letting users manage, read, or create mailslots (unique, automated email addresses) on-the-fly with any device.
    4-Protection from viruses: Cocoon serves as a barricade, protecting user devices from malicious software, pre-scanning wanted downloads, and blocking unwanted downloads.
    5-SSL protection on every network connection: Securely connect to the web, protecting passwords and purchases even on public WiFi and cellular connections.

    The Cocoon Team!


  8. Seriously! My cellphone is not a phone…

    Your cell phone is just another "Big Brother" tracking device…

    Cellphone carriers responded 1.3 million times last year to law enforcement requests for call data.

    Storified by Get Cocoon · Fri, Jul 27 2012 08:49:44

    Cell phone tower (Erik Simon)

    Your Smartphone Is a Spy for the Government
    If you’re a savvy user of technology, you probably already know that your smartphone is a rat, which is to say it’s always willing to tel…
    Tens of thousands of times a year, federal courts issue orders to let the government obtain cell phone and email records — and they do it in secret. What happened to our right to privacy?

    “…what you probably did not know, is that the court orders used by various levels and agencies of government to get their hands on that information are so opaque, so shrouded in secrecy, that those orders ‘might as well be written in invisible ink.’” –Bill Snyder | CIO

    “Last year, cellphone carriers gave officials text messages, cellphone locations and other private information 1.3 million times. Because a single request can involve multiple phone users, the actual number of citizens who were tracked undoubtedly was far higher. And there’s every reason to believe the number will keep growing exponentially unless government acts.” – Chicago Sun Times


  9. This summer’s top 3 mobile privacy concerns


    From unregulated practices in mobile advertising to cell tower dumps, our mobile privacy is under constant attack. We’ve come a long way since Martin Cooper’s Dyna-Tac 2.5 lb brick (1973); but in 2012 consumers are still shaking at the short end of the mobile privacy stick.

    What are this summer’s top 3 Cocoon mobile privacy concerns?

    1-Privacy risk from mobile apps


    Cyber-crooks develop rogue apps to steal private data such as passwords and credit card information, and to piece together personal information in order to commit identity theft. Apps can also include malware such as the recent Trojan!MMarketPay.A@Android that was found on China Mobile Market. Trojan!MMarketPay.A was able to automatically place orders on behalf of users and jack up their phone bills as part of the payload. The virus spread to 9 China markets (nDuoa, GFan, AppChina, LIQU, ANFONE, Soft.3g.cn, TalkPhone, 159.com and AZ4SD), infecting more than 100,000 devices.

    A recent study on Mobile Privacy Policies from the Future of Privacy Forum, stated that out of the free apps surveyed, 66 percent had privacy policies, while only 33 percent of the paid apps had privacy policies.

    2-Privacy risk from mobile ads


    Many mobile apps need advertising in order to continue offering “free” apps. Some ads are invasive and take too much data from a user’s phone or they may install software in the background without user knowledge. Many mobile apps also routinely send data to marketing companies and use the collected data to compile dossiers on mobile phone users.

    “Aggressive ad networks are much more prevalent than malicious applications. It is the most prevalent mobile privacy issue that exists,” Kevin Mahaffey, Lookout’s technology chief and co-founder, told Reuters in an interview.

    Mobile malvertising is another vector for attack. The ads look genuine, but when the user clicks on a malvertised ad they end up at a malicious site that downloads malware to their device.

    3-Law Enforcement Surveillance

    For years, cell phone carriers have refused to tell us how they package our data and have held insidious alliances with government and law enforcement agencies.

    The number of Americans affected each year by the growing use of mobile phone data by law enforcement could reach into the tens of millions, as a single request could ensnare dozens or even hundreds of people. Law enforcement has been asking for so-called “cell tower dumps” in which carriers disclose all phone numbers that connected to a given tower during a certain period of time.  –Wired

     How can you make your stick longer?

    -Only download apps from well-known and trusted sources.

    -Avoid downloading apps that have only been downloaded a few times, have few or no ratings, and no privacy policy.

    -If a free app that you like has an upgrade and a no-advertising version is available – purchase it!

    -Join EFF and Internet users worldwide by signing the Declaration of Internet Freedom.

    For mobile security and privacy you can check out our Cocoon app for iOS and visit us on Twitter and Facebook too!


  10. Android Malware Infects 100,000 Chinese Smartphones

     

    On July 4, TrustGo discovered new malware dubbed Trojan!MMarketPay.A@Android on China Mobile’s Mobile Market. This new malware was able to automatically place orders on behalf of users and jack up their phone bills as part of the payload. The virus spread to 9 China markets (nDuoa, GFan, AppChina, LIQU, ANFONE, Soft.3g.cn, TalkPhone, 159.com and AZ4SD), infecting more than 100,000 devices.


    Emil Protalinski of ZDNet states in a blog post that “It works by silently downloading paid apps and multimedia content from Mobile Market, an Android app store hosted by China Mobile, one of the largest wireless providers in the world.”

    Normally China Mobile customers receive a verification code via SMS after purchasing an app from Mobile Market. Then the customer would go to Mobile Market to input their SMS code to begin the download (the order is then charged to their phone bill).


    MMarketPay.A automates this process and downloads as much as it can so that victims rack up huge phone bills. It finds paid content, simulates a click action in the background, intercepts the received SMS messages, and collects the verification code sent by Mobile Market. If a CAPTCHA image is invoked, the malware posts the image to a remote server for analysis.

    In short, MMarketPay.A is a complex little bugger. If you’re using an Android device on China Mobile, you may want to check your phone bill and make sure there’s nothing suspicious on it. –Emil Protalinski for Zero Day | ZDNet


    To avoid malicious apps like MMarketPay.A, you should avoid downloading non-Market applications from “unknown sources” and purchase apps from the official Google Play Store. You can tweak the application options on your Android via Settings > Applications and uncheck “Unknown Sources.”


     Source: TrustGo, ZDNet.

