How to Protect Your Privacy in the Mobile Age

finjanmobile | Blog, Mobile Security

In an era where a chip the size of a human thumbnail may hold as much information as entire civilizations gathered in ages past, we’ve grown accustomed to having a wealth of data at our fingertips, and the world in the palms of our hands.

There’s a single strand of technology that makes both these conditions possible: The smartphone, and its related mobile devices, applications, and protocols.

Because of this, we’re now able to carry our world around with us. And because information is now so freely accessible, that same world may be accessed by others. So mobile technology can also put our documents, photographs, music, data, and even identities at risk.

Mobile Privacy – Be Aware of the Different Avenues of Data Collection

By its very definition, privacy demands that sensitive or confidential information should remain solely in the possession and control of the person or organization it belongs to. However, the very act of using mobile devices in the course of our everyday affairs makes this practically and logistically impossible.

Legitimate apps and mobile operating systems need to access and distribute information about the user, simply to perform their stated function. Maps and navigation tools need to establish where you are. Account and personal credentials need to be traded back and forth between devices and websites to log users in, and so on.

But beyond the functional requirements, there are other avenues of data collection that may not be quite so obvious, straightforward, or acceptable – even though strictly speaking they may actually be legal. Apps, some websites, and third-party operators in the cloud may at any time be engaged in data gathering from our mobile devices via the following methods:

  • Network service providers monitoring incoming and outgoing calls, text messages, and emails
  • Network carriers keeping a record of how often you access the internet
  • Geo-location tools establishing your location and tracking your movements
  • Geo-tagging features on smartphone cameras and certain websites (e.g. social media platforms) marking your location when you take a picture or shoot a video clip
  • Websites, social media, and eCommerce platforms keeping a record of your personal and account data
  • Browser cookies being deposited to note your login credentials, viewing habits, and movement between sites
  • Email addresses, contact information, browsing activity, and other data logged by mobile apps and shared with third-party advertising or marketing networks

Mobile Privacy – Consumer Rights and Marketing

That last point about advertising throws up an interesting dilemma. Free web services and mobile apps gain a large part of their operating budget from advertising revenues or the sale of actionable consumer data to third-party advertising networks or market researchers. On the face of it, this is a legitimate revenue stream – but with little or no control over how those third parties actually use the information they’re given, there’s plenty of scope for abuse.

As consumers (of applications and web services) we do have some rights – and among them, theoretically, is the right to a say in how our personal information is monitored, gathered, and used. In practice, claiming these rights may not be so easy, as the conditions for information gathering may be unclearly stated, buried deep within the licensing terms of an app or service, or not mentioned at all.

The power to opt out of a data-gathering scheme may also be hidden under layers of legal jargon, or absent altogether.

BYOD and Enterprise Confidentiality

In the business realm, Bring Your Own Device (BYOD) schemes pose their own set of privacy problems. On the one hand, allowing employees to use and manage business software, documents, and data on their own smartphones and tablets is a cost-effective and convenient way to keep everyone constantly connected.

But on the other hand, enterprise management, IT, and security officers have an obligation to safeguard the confidentiality of business-critical information, intellectual property, and the integrity of corporate network resources and infrastructure. This requires constant monitoring and the ability to intervene if danger arises (e.g. by remotely wiping all the data on a mobile device that’s gone missing) – and such monitoring may be interpreted as an abuse of their workers’ rights to privacy.

So BYOD and Mobile Device Management (MDM) policies need to be drawn up with an eye toward balancing enterprise security and confidentiality against the reasonable expectations of device owners – with due consideration given to the rights of workers to consent to the terms of these policy documents.

Law Enforcement and Surveillance

Government and law enforcement agencies may on occasion request data from network operators, service providers, or website owners on suspected or targeted individuals and organizations (in the case of espionage or counter-terrorism activity, for example). Depending on the legal frameworks of the nations concerned, these providers may have no choice but to give up this information – with zero notification or consideration to the privacy rights of the persons or organizations in question.

In some situations, device owners may even be required to submit their mobile hardware to government or law enforcement officials at the point of arrest or detainment – and information held on these devices may be used against them, legally.

Mobile Privacy – What the Law Says

There’s still a great deal of haziness over the legal status of information gleaned from mobile devices – or the exact level of authority that law enforcement and government agencies have over the devices of private citizens and independent organizations, however suspect they may be.

In the USA, the Federal Trade Commission (FTC) provides an information resource and forum for consumers with issues on mobile data practices, while there’s some protection against unreasonable searches and seizures of mobile devices by law enforcement in the Fourth Amendment to the Constitution.

The European Union (EU) has put in place a stringent regime of personal privacy laws and guarantees affecting data collected from or transmitted to devices based in Europe – a move that’s generated some waves, as the laws are set to affect trans-national dealings with countries outside the European continent.

Mobile Privacy – What You Can Do

Threats to privacy may, of course, originate from outside any official frameworks or policies, and simply derive from the efforts of hackers and cyber-criminals to steal data, monitor their targets, or steal identities. In all cases, there are measures you can take to safeguard your privacy.

  • Read the fine print. This applies to consent forms for BYOD or MDM policies, sign-up conditions for web services and accounts, and the Terms & Conditions associated with your mobile software. Port these documents over to a larger screen if possible, as this will make them much less painful to read.
  • Check those app permissions. Unreasonable requests for access to your location, contacts, camera, storage media or personal data (i.e., clearly unrelated to an app’s stated function) should disqualify that software from download or installation.
  • Take physical measures to protect your device. Passwords, lockscreens, and remote wiping capabilities (if it’s lost or stolen) come into play here.
  • Disable automatic log-ins and check-ins. This would include “AutoFill” features for online forms, and automatic geo-location permissions on certain sites.
  • Use the information that’s out there. Consumer rights advocates, privacy groups, and the online resources of your local representative may yield valuable information on your rights, and measures laid down to enforce them.
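
The permission check described above can be made repeatable. The following is an added example, not part of the original post: it reads the permissions an Android app declares and flags sensitive ones that fall outside what its stated function needs. It assumes a manifest already decoded to text XML; the category policy, function names, and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names, grouped by the kind of data they expose.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
}

# Assumption: what each kind of app reasonably needs. Edit to match your own judgement.
EXPECTED = {
    "navigation": {"location"},
    "flashlight": {"camera"},
    "photo": {"camera", "storage"},
}

# Constructed sample: a manifest already decoded to text XML (not from a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return every permission name declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(ANDROID_NS + "name") for t in tags for el in root.iter(t)} - {None}

def unexpected_access(manifest_xml, category):
    """Map each sensitive data kind outside the category's needs to its permissions."""
    allowed = EXPECTED[category]  # KeyError means no policy yet: decide one first
    flagged = {}
    for perm in sorted(requested_permissions(manifest_xml)):
        kind = SENSITIVE.get(perm)
        if kind and kind not in allowed:
            flagged.setdefault(kind, []).append(perm)
    return flagged

if __name__ == "__main__":
    for kind, perms in unexpected_access(SAMPLE_MANIFEST, "flashlight").items():
        print(f"unrelated to stated function: {kind} <- {', '.join(perms)}")
```

Manifests taken from apps you do not trust should be parsed with a hardened XML parser rather than the standard-library one used here.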