The Cocoon Blog
The Internet as it should be: private, secure and virus free

While looking through my iPhone apps this morning, I found it disturbing that I really do not know what data all these mobile apps on my phone are collecting. We should not have to browse to a mobile app site to read their privacy policies – only to find out that we have limited choices, if any at all (if we want to use their software), in restricting the personal data that they collect.

What is going on, according to experts, is that applications like Angry Birds and even more innocuous-seeming software, like that which turns your phone into a flashlight, defines words or delivers Bible quotes, are also collecting personal information, usually the user’s location and sex and the unique identification number of a smartphone. But in some cases, they cull information from contact lists and pictures from photo libraries. –NYT

Mobile apps are still in Wild Wild West mode where privacy invasion has become a runaway train. With more than 1 million mobile apps available to download, many free – at what cost to you is free? Maybe you inadvertantly allowed the app to collect your email address for marketing purposes, or gave it access to your contact list. If an app does not have settings to control your privacy or to control access to your contacts or other personal data – don’t use that app!

The Federal Trade Commission (FTC) recently published a guide for mobile developers, Marketing your Mobile App: Get it Right From the Start - encouraging developers to understand and utilize advertising and privacy rules prior to creating a mobile app. Unfortunately, there are way too many app developers who do not respect user privacy.

The publication follows agency actions against two mobile app developers regarding information collection and product claims. In one such agency action, an app developer paid $50,000 to settle FTC charges that it failed to require parental notice and consent before collecting and disclosing children’s personal information. A second developer settled with the Commission after claiming without proper substantiation that its mobile app treated acne. Advertising claims and privacy issues both have special importance for digital health and mobile health developers because of heightened advertising and privacy concerns for products that make health or safety claims or collect medical information. –JDSupra | Legal News

Privacy dangers lurk in ubiquitous data-gathering mobile apps and the more knowledge that we gain in this area – the better informed we become in making wise app choices.

The typical user has very little control over security and privacy settings of mobile devices. Many users are drawn to jailbreaking their devices so that they can manipulate tightly restricted and locked-down mobile operating systems. This comes at the cost of voiding device warranties.

One US company, Flurry Analytics, tracks 1.4 billion app sessions a day from more than 600 million smartphones and tablets. It offers more than 70,000 companies the chance to ”identify your best segments by demographics, interest, geography, usage and more”.
Advertisement

US-based researcher and consultant Ashkan Soltani said people are most valuable to advertisers when they have a baby, a house or a spouse. –SMH

I recently signed up for beta testing a new privacy tool; Mobilescope [a limited beta], and currently am awaiting the invite. The idea behind Mobilescope is to monitor your mobile apps and what they do behind your back. According to GCN, Mobilescope will tell you what type of data leaves your phone and which apps are responsible for the traffic.

MobileScope looks like a great tool for monitoring and controlling what information third parties get from your smart phone apps:

We built MobileScope as a proof-of-concept tool that automates much of what we were doing manually; monitoring mobile devices for surprising traffic and highlighting potentially privacy-revealing flows. –Schneier on Security

Remember earlier this year when Path apologized for uploading user’s entire iPhone address book without user permission?  With a tool like Mobilescope – we would quickly become aware of what mobile apps are doing  behind our back.

From unregulated practices in mobile advertising to cell tower dumps, our mobile privacy is under constant attack. We’ve come a long way since Martin Cooper’s Dyna-Tac 2.5 lb brick (1973); but in 2012 consumers are still shaking at the short end of the mobile privacy stick.

What are this summer’s top 3 Cocoon mobile privacy concerns?

1-Privacy risk from mobile apps

Cyber-crooks develop rogue apps to steal private data such as passwords, credit card information and piece together personal information in order to commit identity theft. Apps can also include malware such as the recent Trojan!MMarketPay.A@Android that was found on China Mobile Market. Trojan!MMarketPay.A was able to automatically place orders on behalf of users and jack up their phone bills as part of the payload. The virus spread to 9 China markets (nDuoa, GFan, AppChina, LIQU, ANFONE, Soft.3g.cn, TalkPhone, 159.com and AZ4SD); infecting more than 100,000 devices.

A recent study on Mobile Privacy Policies from the Future of Privacy Forum, stated that out of the free apps surveyed, 66 percent had privacy policies, while only 33 percent of the paid apps had privacy policies.

2-Privacy risk from mobile ads

Many mobile apps need advertising in order to continue offering “free” apps. Some ads are invasive and take too much data from a user’s phone or they may install software in the background without user knowledge. Many mobile apps also routinely send data to marketing companies and use the collected data to compile dossiers on mobile phone users.

Aggressive ad networks are much more prevalent than malicious applications. It is the most prevalent mobile privacy issue that exists,” Kevin Mahaffey, Lookout’s technology chief and co-founder, told Reuters in an interview.

Mobile malvertising is another vector for attack. The ads look genuine, but when the user clicks on a malvertised ad they end up at a malicious site that downloads malware to their device.

3-Law Enforcement Surveillance

For years, cell phone carriers have refused to tell us how they package our data and have held insidious alliances with government and law enforcement agencies.

The number of Americans affected each year by the growing use of mobile phone data by law enforcement could reach into the tens of millions, as a single request could ensnare dozens or even hundreds of people. Law enforcement has been asking for so-called “cell tower dumps” in which carriers disclose all phone numbers that connected to a given tower during a certain period of time.  –Wired

 How can you make your stick longer?

-Only download apps from well-known and trusted sources.

-Avoid downloading apps that have only been downloaded a few times, have few or no ratings, and no privacy policy.

-If a free app that you like has an upgrade and a no-advertising version is available – purchase it!

-Join EFF and Internet users worldwide by signing the Declaration of Internet Freedom.

For mobile security and privacy you can check out our Cocoon app for iOS and visit us onTwitter and Facebook too!