Is information on your mobile/cellular phone really private?
Your mobile/cellular phone or smartphone might not be as secure and as private as you think. Here are some ways in which your personal data might be collected by others.
As we become increasingly welded to our mobile/cellular phones, it is readily assumed that because it is such a personal device that all our interactions are private. This sentiment is corroborated by a recent study conducted by the Berkeley Center for Law and Technology, which found that the majority of persons believed that the data stored on their smartphones were at least as private as that stored on there home PCs (Figure 1).
This perception, unfortunately, is not consistent with reality. A number of parties are continually harvesting data you might consider private, and in many instances you are also readily and unwittingly sharing personal information and that which could affect your own safety and security. This post highlights key channels through which valuable personal data is collected through your mobile/cellular device.
Cookies and apps
Similar to websites accessed on your PC, websites accessed on your mobile/cellular phone, along with mobile applications (apps) that you download to your smartphone, frequently track and store information about you, such as:
- your name
- websites visited
- email addresses and other contact details
- your social networks contact list
- your location.
In many instances, and in the case of mobile apps in particular, permission to collect such information is a condition of use. Moreover, many of those apps tend to run in the background, and could thus be collecting and transmitting information even when they are not being actively used.
Hacking and interception
While no device is 100% secure, we, as the owners, often do not take the necessary precautions to reduce the chances of our phone being breached. As the video clip below shows, many of us might not be taking advantage of the security features that our smartphones in particular might offer, such as longer passcodes, which means we could be very susceptible to our phones being hacked and/or our communication being intercepted.
Additionally, the interception of our communication over wireless channels is a real and continuing threat. Although virtually all wireless mediums can be hacked, many of us, especially in the Caribbean, rely on Wi-Fi for Internet access on our mobile/cellular devices, which could make us especially vulnerable. Of particular concern is public or unsecured Wi-Fi, which we might use without thinking, but it can be used to lure unsuspecting users and provide an ideal setting for those devices to be hacked.
It is also highlighted that Bluetooth, while convenient to facilitate data transfers between phones, it can leave those devices open to spying, and even to hacking. Phones are especially vulnerable to Bluetooth attacks when a PIN has not been activated.
It must be emphasised that although a number of entities may be keen to collect personal data on you, increasingly, we are volunteering considerable amounts of information via our social networks. For example, in addition to sharing details on what we are doing, we might also be providing a constant and automatic stream of information on where we are, e.g. via FourSquare, Soundtracker, Facebook, and other platform that integrates geo-location into their functionality.
Although we might be able to limit the information that is automatically shared on us, e.g. by deactivating the GPS feature and/or opting out of having our location automatically posted to others, we must be vigilant in ensuring that those settings are selected. However, it is also important to recognise that geo-location may be a key feature in a particular social networking platform or an app that includes social networking features, and in order to use them successfully, you must allow such information to be shared.
Finally, unlike the about points that focussed on situations through which your privacy might be breached when a phone is in your possession, it is important to highlight that even before you acquire your phone, information has been collected that can be used to track you. However, some of that information, which for example, is contained on your device’s Subscriber Identity Module (SIM) card, is needed in order for the phone to work – in order to make calls, send text messages, etc. through a particular carrier. However, increasingly, countries are now requiring cellular/mobile phones to be registered, usually at the time of sale.
For example, last year, Belize introduced a mobile phone registration drive for current device owners to register their phones. The deadline date was extended twice until 13 July 2012, and as reported in this week’s news Roundup, mobile companies disconnected 60,000 phones that had not been registered.
The rampant theft of mobile devices, and smartphones in particular, is often cited as a key reason for introducing mobile/cellular phone registration. Having a record of the device, which could include serial numbers and its International Mobile Equipment Identity (IMEI), can help it be tracked and identify if it, if it were ever lost or stolen. However and more sobering, that very same information can be used to track you, the owner of the device, should law enforcement and other authorised personnel consider it necessary.