What to Do When the Apps on Your Phone Are Tracking Your Every Move

Share this...
Share on FacebookTweet about this on TwitterShare on LinkedIn

Anyone familiar with the story of Achilles and his famous heel would think that tale had nothing to do with smartphones or cell phone security, but they should probably think again. Apart from linking us with friends and family, via text or voice, smartphones can now track the stars and planets, follow the course of the world’s airline traffic, and turn your face into a zombie extra for the next season of the Walking Dead. Yes, it seems there’s nothing these pieces of glass, metal, and plastic cannot do. However, these wonderful swords come with two edges. Prime amongst these are the voracious ad men constantly on the lookout for new aspects of our behavior to sell onto big corporations willing to pay top dollar for this information.

So, what can be done to provide security for cell phones?

mobile phone security

Fortunately, help is at hand from the world of academia, which has come to the rescue, and there are now applications available that monitor the leakage of your personal data and plug the leaks.

Could You Be at Risk Just Playing Online Games?

The sad answer to this question is “yes.” Call them unscrupulous, or just businessmen, but there are tens of thousands of hi-tech companies out there trying to find out how we behave. From seeking out how many times we go to the refrigerator in an evening, to establishing which news channel we prefer, they want to know, and they can easily find people who will pay for that information. One of the most popular, and fun pastimes that occupy nimble minds on a smartphone is online game playing. From playing outside in the yard with a hoop and a stick in the old days, we are now pursuing equivalent activities such as slicing and dicing fruit or searching for Pokemon in all but the most unlikely of places.

Sitting Ducks

However, while we are playing games on our smartphones, we may also be sitting ducks. One of the most devious ways that Internet Peeping Toms can access our online behavior is simply by listening in to what we are doing while we play the inoffensive games on our smartphones. One US company called Alphonse has developed technology that switches on a smartphone microphone and listens in to the TV show that may be playing in the background. This information, which deftly bypasses all smartphone security is gold dust to thousands of companies who would like to know what we’re watching, when we’re watching it, and what they might persuade us to buy while it’s running in the background. The Alphonse software is currently deployed in over 1,000 online games where it happily collects your data while you’re shooting aliens or saving penalties. A list of the apps and games containing Alphonse software was posted in the New York Times and they can be found by searching for “Alphonso automated” in Google’s Appstore.

Privacy Policies

But what about privacy and security for cell phones and their users? Well, there’s good and bad news on that front. Yes, you are 100% entitled to your privacy and have every right to stop any third party from laying their hands on your personal behavior information. However, in your excitement to play your new game, you probably rushed to the end of the 30-page disclosure that appeared at the start of your game and quickly clicked on the “I agree” box at the foot of the scrolling text. And if you did that, you’d probably be in the same boat as 99.9% of all users of that software. The truth is, nobody reads those disclosures, and even lawyers would have a hard time trying to understand them. Alphonse has defended themselves by stating that their activities fall within the guidelines set by the US Federal Trade Commission.

To Opt In or Opt Out?

Alphonse uses a common practice of telling you (somewhere in the disclosure) that they request your “permission for microphone access for ads.” Of course, you never saw this, as you didn’t read the disclosure. Alphonse adds that if you don’t want to share this information, that is, if you don’t want some software company to listen in to what you are doing while you are playing your game, you can simply “opt out.” This means that you tell them that you do not want to provide them with this access. It’s as simple as that. Alphonse knows that almost nobody would opt out, so they invade your privacy and sell your information. Other companies like Alphonse, such as Vizio agreed to pay a 2.2 million USD fine for deliberate abuse of private information. Vizio collected information from Internet-connected TVs without informing the users of their software.

Not Just TV

But it doesn’t stop at scanning your personal TV viewing behavior. Some companies are now able to track when users of their software visit the houses of friends or movie theaters. In fact, technology is becoming so sophisticated that software is now capable of switching on smartphone cameras to identify on-screen pixels left by ad producers. It seems that the sky’s the limit in the search for user entertainment behavior. And with Alphonse now forming partnerships with companies like Shazam that specialize in identifying music tracks, it looks like this activity is in its infancy. The fact that Apple recently purchased Shazam may also raise a few eyebrows.

Please Come In

With skyrocketing sales of home information systems such as the Amazon Echo, this invasion of privacy seems likely to continue and expand. Ironically, while Americans are crying out against their ever-shrinking privacy rights, they are just as fast to fill their houses with these online Internet portals. Dave Morgan, the founder and CEO of Simulmedia, an online media company claims that “It’s not what is legal that counts, but what is not creepy.” However, there are some doubts that devices like the Echo or apps like Shazam can actually pick up private information of any consequence. Anyone who has tried to use Shazam in anything but a totally silent environment will be familiar with its shortcomings.

Fear Not, Help Is At Hand

While the search for private information that can be used by advertisers is not a new occurrence, its appearance using the medium of smartphones is relatively recent. And, as the issue is still taking form, it has taken some time for a solution to appear on the scene. Not too surprisingly, the answer has come from the world of academia, and not from business. Commercial companies have, at their core, the desire to collect business information, and so the interests of the public and those of big business might not necessarily converge. Academics, however, are another ball game. America’s Northeastern University has developed software called ReCon with the aim of protecting Personally Identifiable Information (PII). ReCon scans the data that leaves your smartphone, determines which applications might have an interest in harvesting it, and then stops them. This university endeavor combines network trace analysis, machine learning, and crowdsource user feedback to identify leaks in personal user information from mobile devices, and then finds ways to plug those leaks. The Northeastern team extract this data from app communications and assesses which parts are indeed private information. This data is then sent in a structured format through an Application Programmable Interface, or API, and often using JavaScript Object Notation (JSON), an open-standard file format that uses human-readable text to transmit data objects.

Another team of researchers working under the aegis of the International Computer Science Institute, or ICSI has devised the Haystack Lumen Privacy Monitor. This application is capable of capturing Android data at its source, that is, on the user’s smartphone itself. This has a considerable advantage over the ReCon system, which must extract user data onto its servers. The downside to Haystack is a performance issue, which results in the analysis activity being performed on the actual smartphone, which can slow down other apps running on the device.

Only Just the Beginning

While smartphone ownership is likely to have reached a global saturation point, it is clear that the quest for users’ personal information is just beginning. Using the smartphone as a gateway access to your personal information, online ad companies are operating freely, essentially invading your personal space and information with impunity. Cell phone security seems to be non-existent. The task to prevent such activity has been left to the Internet giants like Google and Apple, but it is apparent that they are not policing the market. With the world of commerce unlikely to rise to the challenge (after all, what’s in it for them?), academics have stepped to the fore. Endeavors such as those at Northeastern University and ICSI have revealed ingenious ways of blocking the leaks of this vital information, and they appear to be on the verge of a breakthrough. Recent talks about those two institutions joining ranks would bring the solution even closer.

We will be happy to hear your thoughts

Leave a reply