With the rise of social media, smart home products and IoT, privacy is becoming increasingly hard to define. To what extent are we actually agreeing to give up our privacy in exchange for modern convenience versus having privacy wrested from our grasp? The classic example is Facebook—which is constantly in the news for harvesting and sharing information—but technically, we agree to terms and conditions (even if we didn’t read them or the language wasn’t clear) to have our information collected when we sign up. A more clear-cut example is in the recent news about apps that have been pre-installed on Android phones and cannot be deleted by the user—which suggests that the days when we could agree to share our information are on the way out and our information may now end up harvested without our consent.
Did I Agree to This?
Buying an Android phone (or any smartphone, really) comes with an inherent understanding that the device will track your information. Google Maps or Uber, for example, rely on your location to get you what you need. But when you buy a smartphone you expect to have certain controls over how you’re being tracked—at least you believe you can dictate location services, limit ad tracking and control app permissions. So it’s troubling that a recent study found that pre-installed apps on Android phones may actually be tracking and monitoring users from the moment they first turn on their phone—without their knowledge or consent. WHAT? Yes. These apps can access information about other apps you’re using, your geo-location data and your email or phone address books. In some cases, apps are actually able to collect and send email and phone call metadata, install other software onto the phone, and run in the background without the user’s knowledge. Again, I silently scream – WHAT?!?!
So, What Does That Mean for Privacy?
Often when people talk about privacy, they talk about the steps people can take to protect their information: private settings on Facebook, sending confidential information through encrypted messaging. We already need to be alert and proactive to maintain our privacy—after all, Facebook is less than transparent about the information it harvests from us (learn more about that here). But there are no efforts made to make Android users aware of the privacy and security risks that come simply with buying a new smartphone. Information is being harvested without users’ consent or knowledge.
The good news is that this study has spurred deeper investigation into what makes something private—or not. The research paper that followed this study has attracted the attention of European regulators, and the research team is working with the Spanish Data Protection Agency to make sure it becomes widely read. It’s also going to presented to several other European data protection authorities, hopefully spurring cases against certain device manufacturers and app developers. The study brings attention to a worldwide issue with Android devices—highlighting the extent to which individual consumers are losing access to their privacy without their consent and raising the issue of privacy in general.
The bottom line: We can no longer assume that our privacy is guaranteed, even with the fine print. The time has come for us to take proactive steps to remain informed and selective when we decide which technologies to use to improve our lives and protect our information.
To learn how Vaporstream protects your information when you communicate, download our case study on security and privacy today.
Contributor: Kristi Perdue Hinkle
*** This is a Security Bloggers Network syndicated blog from Vaporstream authored by Kristi Perdue-Hinkle. Read the original post at: https://www.vaporstream.com/blog/android-apps-compromise-privacy/