SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Privacy: The real cost of “free” mobile apps
Thu, 21st Mar 2019
FYI, this story is more than a year old

Mobile applications have become an integral part of how consumers use devices today.

Many companies use smartphone location information through apps to provide to advertisers and affiliate businesses.

However, users need to understand that while technology brings convenience and access to services, it also comes at a risk to personal privacy.

Apps on phones gather information about a user's movements and location.

This information is then shared and sold to others.

Given the fast-evolving nature of technology, apps can now tell if someone has gone to the supermarket, walked their dog, driven to work or gone out to dinner - and they can identify which restaurant was patronised.

If a user consults their doctor or a psychiatrist, this will be captured as well.

The New York Times recently reported that many companies receive anonymous precise location data from apps whose users enable location services to get local news and weather or other information. 

The Times found several of these businesses claim to track up to 200 million mobile devices in the US.

Location data is a lucrative business for many companies that want to use the data to better understand consumer behaviour, better target advertising or sell the data to others.

It is a fast-growing market, with sales of location-targeted advertising set to reach $30 billion by 2020.

As a result, many businesses are getting involved in the location data sector.

IBM entered the industry with the purchase of the Weather Channel's apps. 

While businesses say they are only interested in consumer patterns and the data cannot be used to identify specific individuals, the reality is that by drawing together the raw data, organisations can identify the people being tracked. 

App users can be identified and this information, which can reveal their identity, where they live and their contact details.

This is concerning and raises questions about privacy and the security of the data.

Users may experience coincidences such as advertisements for businesses or products appearing on their devices not long after they visit a physical location.  

This happens because a user's location, movements and actions are known to more businesses and people due to data collected via their apps.

If a user enables location services on an app, then they are considered fair game. 

Not only will their movements be tracked, but their identity may also become known and their personal information can be shared and sold. 

Apps usually include lengthy permissions and details on data collection are buried deep in the terms and conditions.

Most people do not read them.

The mobile location industry started out as a way for apps to customise their offerings and businesses to better target their ads to nearby consumers.

It has now evolved into a much bigger industry – a data collection and analysis machine that is now operating more like a surveillance organisation.

To prevent personal information from being shared without consent, there are a few steps users can take:

  • Be aware of the real cost of free online services – it may be the capture and dissemination of personal information 
  • Be selective about the apps downloaded and used 
  • Take the time to adjust app settings to minimise their ability to access phone and location information.   Where setting adjustment is not possible, consider whether the app is really needed  
  • Remove old apps that aren't being used 

Apple and Google make a lot of money from apps but also have an obligation to protect the interests of users.

The most recent version of Android only allows apps that are not in use to collect information a few times an hour, rather than continuously, which is what most apps do.

Apple has gone one step further and requires apps to inform the user of the intended data collection.

At one point, Apple was looking at showing a blue bar onscreen whenever an app not in use was gaining access to location data. 

Regulators may have high standards for app development, but it is also important for app users to be vigilant, particularly given apps are developed all around the world.