MobileActive.org

As smartphones proliferate around the world, we ought to remain cognizant of what information we share on those phones with applications, application developers, advertisers and marketers. Phones are incredibly personal, always on, and always with most of us. As a result, they can reveal sensitive information.  In fact, it is time for smartphone users to put pressure on application developers, platform providers, and eventually legislators to protect private and potentially sensitive information.

The Electronic Frontier Foundation recently published a paper on locational privacy. Because smartphones know where we are (using GPS, and if not, using applications such as Google’s My Location service), they can reveal a lot of information about activities, patterns of behaviour, and relationships we have.

Moreover, there are reports that application developers and platforms are not treating this sensitive data as such. It was recently discovered, for example, that the Palm Pre sent a daily log of data, including the GPS location of the device. Users were not notified, and while the original blogger was able to disable this “feature” on his jailbroken phone, regular users did not seem to be able to. Similarly, it was recently reported that several iPhone applications and services are reporting information back to the developers and service providers. Alarming information includes reporting the iPhone serial number, the GPS location of users, and for Facebook-enabled applications various other points of data. (Here is a blog devoted to looking at some of these applications [Update: previous link was to a list that no longer exists. The blog is run by the same individual who posted that page]).

The argument can be made that this data reporting is useful as it allows developers to improve their software. But as the EFF notes in its paper, there are techniques to do these things that do not compromise locational and other forms of privacy.  These include: instead of tracking unique iPhone IDs, each application that installs itself onto a phone could assign itself an ID that isn’t tied to a phone—the user could reinstall the app to receive a new ID number for example.  Applications could simply record where their users are, but not who they are or which phone they are using (although even this is difficult to do securely - see the EFF’s discussion on anonymized databases).

Journalists, bloggers, and activists in repressive regimes need to be extremely careful of what applications they use, and what is being reported and to whom. For media organizations developing software to disseminate media and get user input, this should be a reminder that they be careful about what information they collect about their users. And for all smartphone consumers, this should be a reminder that the time may be ripe for various legislation regarding data privacy. 

Until then, those concerned about the privacy of their data should: pressure on application developers by not downloading applications that "phone home," request the removal of such features, and push software platforms such as Facebook to regulate such information sharing.