Story image

Privacy: The real cost of “free” mobile apps

21 Mar 2019

Article by Elegant Media co-founder and CEO Anushka Bandara

Mobile applications have become an integral part of how consumers use devices today.

Many companies use smartphone location information through apps to provide to advertisers and affiliate businesses.

However, users need to understand that while technology brings convenience and access to services, it also comes at a risk to personal privacy.

Apps on phones gather information about a user’s movements and location.

This information is then shared and sold to others.  

Given the fast-evolving nature of technology, apps can now tell if someone has gone to the supermarket, walked their dog, driven to work or gone out to dinner - and they can identify which restaurant was patronised. 

If a user consults their doctor or a psychiatrist, this will be captured as well.

The New York Times recently reported that many companies receive anonymous precise location data from apps whose users enable location services to get local news and weather or other information.  

The Times found several of these businesses claim to track up to 200 million mobile devices in the US. 

Location data is a lucrative business for many companies that want to use the data to better understand consumer behaviour, better target advertising or sell the data to others.

It is a fast-growing market, with sales of location-targeted advertising set to reach $30 billion by 2020. 

As a result, many businesses are getting involved in the location data sector. 

IBM entered the industry with the purchase of the Weather Channel’s apps.  

While businesses say they are only interested in consumer patterns and the data cannot be used to identify specific individuals, the reality is that by drawing together the raw data, organisations can identify the people being tracked.  

App users can be identified and this information, which can reveal their identity, where they live and their contact details. 

This is concerning and raises questions about privacy and the security of the data.

Users may experience coincidences such as advertisements for businesses or products appearing on their devices not long after they visit a physical location.   

This happens because a user’s location, movements and actions are known to more businesses and people due to data collected via their apps.

If a user enables location services on an app, then they are considered fair game.  

Not only will their movements be tracked, but their identity may also become known and their personal information can be shared and sold.  

Apps usually include lengthy permissions and details on data collection are buried deep in the terms and conditions. 

Most people do not read them.

The mobile location industry started out as a way for apps to customise their offerings and businesses to better target their ads to nearby consumers. 

It has now evolved into a much bigger industry – a data collection and analysis machine that is now operating more like a surveillance organisation.

To prevent personal information from being shared without consent, there are a few steps users can take:

  • Be aware of the real cost of free online services – it may be the capture and dissemination of personal information 
  • Be selective about the apps downloaded and used 
  • Take the time to adjust app settings to minimise their ability to access phone and location information.   Where setting adjustment is not possible, consider whether the app is really needed  
  • Remove old apps that aren’t being used 

Apple and Google make a lot of money from apps but also have an obligation to protect the interests of users. 

The most recent version of Android only allows apps that are not in use to collect information a few times an hour, rather than continuously, which is what most apps do. 

Apple has gone one step further and requires apps to inform the user of the intended data collection.

At one point, Apple was looking at showing a blue bar onscreen whenever an app not in use was gaining access to location data.   

Regulators may have high standards for app development, but it is also important for app users to be vigilant, particularly given apps are developed all around the world.

Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.