IT SOUNDS LIKE a B-movie plot: Millions of smartphone owners are being tracked by their phones. In addition, their mobile apps are eavesdropping on them. And information on their whereabouts is being sold to third parties.
But it isn’t science fiction. If you own a smartphone and download popular apps, the odds are good that your handset knows more about your day-to-day travels than your spouse does. Apple, Google, and Microsoft are in the hot seat now, having to explain how iPhone, Android, and Windows Phone 7 handsets really work, and what they know about where you go and what you do. Predictably, the lawsuits are flying.
Two women in Michigan are suing Google over the location-tracking technology included in the company’s Android mobile operating system. In a Florida court, two men are suing Apple and demanding that the company either stop collecting tracking information or more-effectively safeguard the data it does collect. Both Apple and Google faced an inquiry by a U.S. Senate subcommittee in early May intended to discover to what extent they snoop on their customers via smartphones.
With so much alleged spying going on, it’s hard to focus on the most important question: Should you care?
A database file in Apple’s iPhone and 3G iPads kicked off the latest round of privacy concerns. The controversy started after a file called consolidated.db was discovered on iOS devices and in iOS backup files on PCs; the file seemed to be logging the device’s location based on the positions of cell towers and Wi-Fi access points.
Apple disputed that allegation, however. The company says that about every 12 hours iOS devices send back encrypted and anonymous cell-tower and Wi-Fi access-point location data; Apple then uses that information to update a master database of worldwide cell-tower and Wi-Fi access-point locations. The data later updates on each iOS device to help it find its location faster, as opposed to depending solely on GPS satellite signals.
Apple says that it will take the data from your iOS device only if you are using the device’s location services, and an iOS update ensures that the consolidated.db file won’t log any cell-tower or Wi-Fi access-point information if you turn location services off.
Apple Isn’t Alone
If you opted in to use Google’s location services when you first set up your Android phone, Google is taking location data from your device in a manner similar to Apple’s approach. Android sends GPS information and Wi-Fi access-point locations, as well as your unique device identifier, back to Google, according to the Wall Street Journal.
Just as Apple does, Google uses that data to maintain a location database. Reportedly the company uses the data to serve you targeted ads and other location-relevant content. Google has also stated that all of the data sent back to it is anony-mized, despite researchers’ findings that each user’s unique device ID is included.
Seeing its rivals getting hit with criticism, Microsoft posted a Q&A on its Windows Phone 7 blog about its location-data collection practices. Much like the other companies, Microsoft says that for Windows Phone 7 it “assembles and maintains” a database of cell-tower and Wi-Fi access-point locations. Microsoft fills that database by collecting data from a fleet of cars, as well as by collecting Wi-Fi access-point information from mobile devices.
The company says that it will collect Wi-Fi location information from your phone only if you turn on location services, if you are using a location-based app that requests location information, and if your Wi-Fi radio is on. “If any of these conditions are not met,” Microsoft asserts in the blog post, “the mobile device will not survey Wi-Fi access points.”
However, Microsoft also says that if a phone’s GPS function is on, it will collect the device’s “observed longitude and latitude” as well as the direction and speed the device is traveling. Presumably, Microsoft uses that data to feed a traffic-information database, but the company does not explain further.
Bejeweled 2 collects your phone number and, according to the Wall Street Journal, shares it with third parties.
Apps That Eavesdrop
If you think that’s bad, you’ll love what app makers are doing. Some popular iOS and Android apps, such as Color and ShopKick, turn on your smartphone’s microphone to listen to background noise and report back to their creators what they hear.
Fortunately, it turns out that these apps aren’t fishing for juicy tidbits about your life; rather, they’re listening for sound patterns. Color and IntoNow, for example, both perk up your phone’s ears to help create on-the-fly social networks, their makers say. By comparing the sound patterns across many phones, the creators claim, the apps can better determine whether people are in the same room, say, or watching the same program on TV.
The makers of ShopKick, meanwhile, say that their app is listening for a special tone (inaudible to human ears) so that it knows when you are in a store that offers a ShopKick discount. To be clear, all of these companies say that your words aren’t being recorded and that they aren’t being sent anywhere.
As for apps in general, most phone owners realize that when they install apps, they grant the apps access to some personal phone data. But most people would probably be surprised to learn exactly what that data is and who has access to it.
The Wall Street Journal discovered that most of the 101 apps it tested shared a phone’s unique ID number with third parties. It found that popular apps such as those for Dictionary.com and Fox News collect location data. Publisher Rovio Mobile, the maker of Angry Birds, collects data on your latitude and longitude, your contacts, and your phone’s ID (not your phone number). Other apps, including Pandora, collect your age, gender, location, and phone ID. Apps such as Foursquare, TextPlus 4, and WhatsApp Messenger collect your phone number. Bejeweled 2 collects your phone number and, according to the Journal, shares it with third parties.
An interesting side note: The Journal’s project found that the iOS apps were sharing much more information than the Android apps were.
App publisher Rovio Mobile, the maker of Angry Birds, collects your latitude and longitude, your contacts, and your phone’s ID.
With all of the headlines about location tracking and online privacy violations, it’s easy to live in fear—namely, fear that companies know too much about you and are going to reveal your deepest, darkest secrets to the world. But in reality your location is not being transmitted to a giant map in a secret room, where all of your movements can be followed via some sort of flashing beacon.
Even so, privacy safeguards are needed to protect consumers. Verizon, for one, is looking to head off concerns by placing a peel-off sticker on its devices warning users that their location may be tracked by the device.
At a U.S. Senate judiciary subcommittee hearing about mobile-device tracking in early May, Senator Al Franken (D-Minnesota) said that Apple and Google were releasing “confusing” information about what location data they collect. Senators in attendance suggested that new laws may be needed to govern the collection of data over phones. Senator Richard Blumenthal (D-Connecticut) remarked that the current environment, in which various mobile-phone operators and app providers share location information with third parties, is a “Wild West” with few restrictions in place.
But most of the controversy, experts say, is overblown for now. More disturbing to mobile-privacy experts are future phone services that might be vulnerable to rogue developers, or user-location databases that have the potential to be hacked.
For the time being, exercise caution and good judgment when installing apps and using location-based features. On top of that, you can avoid the majority of mobile-privacy pitfalls by using a combination of common sense and digital tools such as the highly rated Lookout Mobile Security app for Android, BlackBerry, and Windows Phone 7 devices.
- Posted using BlogPress from my iPad