How Big Companies Handle Your Mobile Data

finjanmobileBlog, Mobile Security

Mobile Data

As internet-enabled smartphones and tablets gain in popularity and spread, increasing numbers of people are using these devices to transact their personal and professional business online – either in preference to more traditional desktop and laptop computer systems, or in combination with them.

Mobile internet users have to face a number of issues, which can be of either benefit or concern. High-volume or “unlimited” data usage plans and free mobile apps may provide convenience, smart tools, and the assurance of always being connected – but as in all areas of life, there’s no such thing as a free lunch.

“Free” stuff on the internet – and especially in the mobile ecosystem – often comes with a price tag, in terms of the information and consent that you provide to the providers. By agreeing to install and use software and services, or to sign up for mobile data and access plans, your personal, financial, and other information may in effect be signed over to the care of app developers, network carriers, and other service providers. And they may not take such good care of it at all.

On the professional scene, if you’re using company-sanctioned mobile devices or your own hardware in a Bring Your Own Device (BYOD) situation, you may also have to contend with the terms and conditions of corporate information and security policies – and these may allow your employers and IT administrators extraordinary powers over your data, applications, and privacy.

It’s a complex situation, and in this article we’ll be looking at some of the implications and issues of how your mobile data is handled by the big companies and institutions that influence your life online.

Mobile Data and Your Data Allowance

Traditionally, the costs of “Pay As You Go” and prepaid data plans were heavily influenced by the infrastructure and administrative costs of the mobile networks providing them. As internet and data transport technologies have improved, the capabilities of the network carriers have increased to the point where mobile data plan pricing is now more competition-based – and therefore often arbitrary.

Which isn’t to say that it’s necessarily cheap. Due to some of the physical limitations of internet coverage (specifically, the amount of information that can be fitted into a single hertz of the frequency spectrum, and the need to occasionally transition from wireless to wireline networks), providers need to set price levels that enable them to offset the strain and costs imposed on their systems by peak demand.

This has become an even bigger issue for the mobile phone companies, with the introduction of more unlimited data plans – and the emergence of hotspot tethering apps like CarrierCrack or TetherMe. Savvy users wishing to maximize on their allowances, or people in remote and rural areas with little or no broadband coverage have taken to using apps like these to create their own WiFi hotspots, and extend their bandwidth and data allocations beyond the limits of “unlimited.”

Though carriers will usually impose a surcharge when your data consumption goes beyond a certain level (even on an unlimited plan), the mobile providers are looking to alternate revenue streams to balance their books – and these may involve capitalizing on what you do and reveal online.

Mobile Data and Your Data Usage

By now it should be no big secret to anyone that the information you generate and take in online can and will be used by app developers, advertising networks, network carriers, and other interested parties in exchange for the software and services they provide. If you take the time to read them, this situation is usually spelled out somewhere in the terms of your subscription contract, license to use, or the permissions you grant before downloading or installing an app.

Depending on the terms of the agreement, this may empower your service provider, mobile network, or the software vendor to sell your personal data on to third parties – usually (but not always) in an “anonymized” form which strips out personal identifiers that could be used by an outsider to trace that information back to you.

Recent hacks have however demonstrated that even the most anonymized personal data can be reconstructed and, with reference to other markers such as your browsing habits, be used to create a fair representation of you as a person – enough for identity thieves and fraudsters to exploit for criminal ends.

If you don’t trust your Internet Service Provider (ISP) to not monitor your online activities and sell your data on to advertisers, then your safer bet is to use a well-established (and generally paid subscription-based) Virtual Private Network or VPN. The service won’t anonymize your data as such, but the encryption it provides to your internet connections and data transfer will make it difficult and less profitable for legitimate services and hackers alike to make any sense out of the information they observe.

You’ll notice we observed that the VPN you choose should most likely be a paid option, and the reason for this is simple. Like the mobile networks, developers, and service providers, the vendors of free VPN software and platforms have to make their money somehow – and trading in user information may be an option for some of the more unscrupulous ones. Check the fine print, whichever kind of VPN you choose.

Mobile Data and Your Data Privacy

If you’re using your own mobile device under BYOD in the corporate arena, or company-issued hardware, then you’ll also need to be wary of how your information is being handled by the organization that employs you.

Especially in the case of business-owned and sanctioned hardware and applications, there may be stringent security and IT administration protocols in place. At the simplest level, this might involve your employer keeping tabs on each time you log into or out of a company account. More wide-ranging and specific measures may give greater cause for concern.

For example, if your employer installs monitoring software on their systems, they can see which websites and resources you go to online – and may potentially have the right to block access to restricted sites or platforms.

If an employer installs keylogging software (perhaps for security-sensitive operations and industries), they may be able to record the usernames and passwords that you enter to gain access to your personal accounts – including your email and social media.

More worrying still, there may be a policy and mechanisms in place that empower your administrators to wipe all of the data on the devices you use for business purposes – remotely, at that. This emphasizes the need for you to keep regular backups of the important mobile data on your device.

In certain jurisdictions, there may be legal protections in place to guard your privacy in the workplace. And it should be standard practice for you to give some kind of waiver, or sign a consent form laying out the terms and conditions of your company’s security policy with regard to mobile devices and data handling.

Common sense should be your guide, as well. In addition to those regular backups, consider using a VPN to access your company network from remote locations. And be sure to remove all personal information from your device before you hand it in to your employer at the end of your contract.

Share this Post