I get nervous about privacy and its abuse. Particularly following reports exposing of the activities of companies such as Google and Rapleaf.
Now what is interesting is that if you think that cookies can be abused, then wait till you understand about those fun iPhone and Google Android applets.
The word “leak” and its derivations have had new meaning added since the Wikileaks scandals of late. But it seems that there is so much data leaking out about us that we should really start paying attention. Just because you are lazy, does not necessarily mean you should not care.
The good news is that it seems companies do care – well, at least they think about it. Check out this chart from eMarketer – it shows that, at least in the US, companies think that it will limit spending.
However, when we get into small aperture devices such third party services on iPhones and Android phones, companies are not so concerned and, in many cases, outright abusive.
They roften rarely even bother with pesky things such as privacy policies and implied consent.
The Wall Street Journal did a study of 100 apps from iPhone and Android. The results are very worrying.
The majority have little or no privacy policy. The majority are also leaking your data overtly to others.
How do they do it?
In both devices there is a specific cookie-like element called a PhoneID. This phone ID is unique to the device and attached to your personal data such as your phone number and your personal details from the phone company. However, UNLIKE cookies, you CANNOT delete the PhoneID – it is hardcoded.
And companies such as Groupon, according to the WSJ story, are taking advantage of this and transmitting the information they know about you freely to partners without your express permission. I would hazard a guess that fewer than 5% of the population knows this exists and even less consider its impact.
Some innocuous apps are giving very explicit data about you – for example Text+4 pushes out your phone number, age, sex and zipcode. Another (gay-targeted app) Grinder also puts out personal information.
So next time you think that nice new iPhone is innocuous. Think again.
Here is the WSJ clip:
About Timothy O'Neil-Dunne
The main issue of information leakage seems to be where you use a service where you have to log in, disclose personal information, and then that personal information + your UDID is shared with another party. Now that party, with only a UDID, can get the information you didn’t disclose to them.
Without getting that shared data and having the UDID alone, there’s no way you can figure out sex, age, etc..
It seems to me that this is still a fraction of the information that’s typically being leaked on the web. The most disappointed perhaps are those expecting totally anonymity when using these apps. If you’re using a service, logging in and disclosing information, there’s probably always going to be a risk that the party on the other side doesn’t share your ethics.
This argument in the context of mobile devices is a little bogus. What you’re suggesting is that companies are disclosing info. If they are be doing that, they’re doing that regardless of whether they got the info on a mobile device or on a desktop.
Google, Rapleaf – again, the idea is that this data is only valuable in volumes. Volumes are generated on the server side, not the device side.
There are relatively few unique mobile info items that may be captured. Of these location is probably the most relevant. So if there was a service that tracks location (records it over time), theoretically it would be a privacy issue. And as this data is only interesting in volume, such a concern would not be around “where you are now” but “where do you frequent”. In most cases the latter information can be obtained using other method – credit card transaction records, address books etc.
If a marketer used your unlawfully obtained info in regards to information obtained on your mobile device specifically, by nature it means some real-time interaction. It will be immediately obvious the marketer is doing that.