I’ve just completed some research into free mobile apps across BlackBerry, iOS and Android. What I found didn’t surprise me, but it may surprise my readers. Free apps are really not that free – why? These so-called free apps are collecting device and personally sensitive mobile data and sending it out to hundreds of advertising and analytics domains.
Mobile gaming apps are a particular target for developers who make little or no money from free apps but can make money from selling the app data they collect. Ever used Angry Birds or Fruit Ninja Tree? We all have, including me, and these games transmit quite a bit of your mobile and personal data (including your IMEI, IMSI, your country, your location and GPS co-ordinates; some apps can locate you within 200 metres) to servers in the cloud.
Social integration (another hot mobile security topic) with sites such as Facebook allows apps to collect your Facebook ID, email and phone number. I’ve noticed several gaming apps that send unencrypted Facebook IDs – what can Facebook do about this? Not much right now. iOS app developers still continue to use UDID data to send app data to third parties – I for one don’t see an issue with this, but wouldn’t it be good to see a flag/reminder saying the data is about to leave your device? Developers know users do not read the EULAs (license agreements), so it’s little wonder we users don’t know what data is being collected and analyzed on our mobile devices. The duty of care here lies with the end user, not with the developer or the appropriate app store.
Most of us will download a free app because it is free (think also about just how many free apps you have installed and you then begin to get an idea as to just how many apps are collecting and analysing your data). Most of us probably don’t care that data on our devices has been uploaded for others to share. Security and privacy are reactive – we only do something if something has happened. BlackBerry devices allow you to control app behaviour using permissions: managing connections (i.e. USB, Bluetooth, location data etc.), interactions (i.e. how the app communicates with other apps/the device etc.) and user data (i.e. data collected, which includes email, files etc.). Some mobile anti-virus apps also provide these app/permission management control mechanisms.
Remember – it’s not only the app developers who can collect your mobile phone data. The mobile carriers are also able to collect device-specific data such as how you are using your device (i.e. when and where you use it) and track your behaviour (i.e. text messages, call history etc.) using cell site analysis. As I’ve said on numerous occasions, the Web (and that includes mobile) is here to stay and, to stand the test of time, will have to monetize. One way to do that is to collect, analyze and sell the treasure trove of data that is being collected. It’s up to you to check what your apps and mobile device are doing. I suggest you start learning today!
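One way to act on that advice, as an added example that is not part of the original post: route the device through an intercepting proxy, export the request URLs, and scan them for the identifiers discussed above. The hosts, parameter names and sample values below are constructed, and the script assumes identifiers travel as URL query parameters, with the UDID as 40 hex characters and the IMEI as 15 Luhn-checked digits.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed request URLs, in the form a proxy capture would export them.
SAMPLE_REQUESTS = [
    "http://ads.example.net/track?imei=490154203237518&country=GB",
    "https://stats.example.org/v1/e?udid=" + "a1b2c3d4e5" * 4 + "&lat=51.5074&lon=-0.1278",
    "http://game.example.com/score?fb_id=100001234567890&level=7",
    "https://cdn.example.com/asset?id=12345",
]

def luhn_ok(digits):
    """IMEIs end in a Luhn check digit; this rejects arbitrary 15-digit numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def classify(key, value):
    """Return the kind of identifier a query parameter carries, or None."""
    k = key.lower()
    # Key-based checks first: these values have no distinctive shape.
    if re.search(r"fb|facebook", k) and value.isdigit():
        return "facebook_id"
    if k in ("lat", "lon", "lng", "latitude", "longitude") and re.fullmatch(r"-?\d{1,3}\.\d+", value):
        return "gps"
    # Value-based checks: recognisable whatever the parameter is called.
    if re.fullmatch(r"\d{15}", value) and luhn_ok(value):
        return "imei"
    if re.fullmatch(r"[0-9a-fA-F]{40}", value):
        return "udid"
    return None

def audit(urls):
    """List (host, identifier kind, sent_in_plaintext) once per kind per request."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        seen = set()
        for key, value in parse_qsl(parts.query):
            kind = classify(key, value)
            if kind and kind not in seen:
                seen.add(kind)
                findings.append((parts.hostname, kind, parts.scheme == "http"))
    return findings

if __name__ == "__main__":
    for host, kind, plaintext in audit(SAMPLE_REQUESTS):
        print(f"{host:20} {kind:12} {'UNENCRYPTED' if plaintext else 'https'}")
```

An IMSI is also 15 digits but has no check digit, so it can only be spotted by parameter name or by comparing against the SIM's known value.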
Safe surfing folks!