Slashdot Mirror
US Wants Apple, Google, and Microsoft To Get a Grip On Mobile Privacy
coondoggie writes "When it comes to relatively new technologies, few have been developing at the relentless pace of mobile. But with that development has come a serious threat to the security of personal information and privacy. The Federal Trade Commission has issued a report (PDF) on mobility issues and said less than one-third of Americans feel they are in control of their personal information on their mobile devices. 'The report makes recommendations for critical players in the mobile marketplace: mobile platforms (operating system providers, such as Amazon, Apple, BlackBerry, Google, and Microsoft), application (app) developers, advertising networks and analytics companies, and app developer trade associations. ... The report recommends that mobile platforms should: Provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation; Consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded; Consider offering a Do Not Track (DNT) mechanism for smartphone users.'"
How about regulating them?
I swear to God...I swear to God! That is NOT how you treat your human!
That's one thing I really miss about my old WinMo phones. They were not a data harvesting device, just a phone, with computer functionality. Every device I've had since then just seems like it's spying on me and siphoning off my personal life for someone else's gain.
It's creepy.
They don't need a backdoor for the phone itself. They already have access to all the phone data because it is stored on the server, and they have unlimited access to the service providers.
Why is Snark Required?
This is already done by Android and works perfectly.
Nah, it really doesn't do it in any meaningful way, and doesn't provide the level of fine grained control that is needed.
Sure, you get notification when you install an app that i uses this data, and can access that data, for this or that reason.
But you are never provided any indication when the app decides to use the data for some other reason. There is nothing in
Android that prevents this.
Example: You install an email app. Obviously it needs to access your contacts to send email to them.
It says it has to access the web, maybe to serve ads (because its a free app). You might never be told that the app might
decide to upload all your contacts to some web site. You have no way of knowing when it does this, and no way to
prevent it.
Andorid needs a finer grained control, one that says, you can't access my address book. Or you can't connect to
any website, except this list (in the example above it would be some ad server). The user should be able to turn off
some of the permissions at will. EVEN if doing so makes the app FAIL.
Right now, we get a Take-it-or-Leave-it list of permissions, most of which are poorly understood. Most people click right
through these, failing to notice that the Game they just installed wanted to access their address book. Once they
click thru that, they are never asked again. There is no way to know it happened.
Permissions should be select-able per app, even after its been installed.
There should be a easy way to review which apps can access which bits of sensitive data, and turn it on or off.
Id rather the twitter app fail than have it tweeting my 13 year old daughter's location without her or my knowledge.
Sig Battery depleted. Reverting to safe mode.
The seduction that these devices offer to too strong for people to give them up and not use them.
Given that, I see nothing wrong with the FTC recommending that consumers at least know when they are surrendering their location data, and have the option of turning that off in some game or social networking app, while still being able to use the Map application.
I only wish this suggestion came from the FCC as well, since the FTC, is more or less toothless.
If the FBI needs a warrant to put a GPS tracker on my car, I don't see any reason why AT&T or Google should be able to give my location away to some tin-star sheriff without a warrant, or worse yet, to JCPenny or Starbucks just because I walked by the store.
Sig Battery depleted. Reverting to safe mode.
and opt out of location services? Google has been pushing these options hard for quite some time now. Android users shouldn't be complaining if they don't take advantage of the privacy and security options that are pushed on them. Turn on 2-step verification, turn off GPS and location services except for when you need directions, create a good password, delete your non-essential cookies daily. These are the steps anyone should be taking to be more secure and for better privacy, regardless of whether they are using an Android phone, a laptop, etc.
How about "forcing" companies like Microsoft to use "standard file formats" for what has now become the defacto office suite?
Or making sure these companies, including Facebook, provide a mechanism for data portability, provisioned by a script?
Here's how it would work: I, the user, run this script through an interface, the result of which should be the "porting" of all my data from one provider to another in a 'reasonable time.'
They (Federal Trade Commission), dropped the ball long ago!
They are now trying to impress upon us that they are doing everything they can to "protect and safe guard" our privacy? I don't buy it one bit!
I shouldn't have to forego Maps just to prevent some other app from transmitting my position to advertisers.
I shouldn't have to disable functionality I paid for, just to prevent some unwanted use of my location!
I should have a dashboard (just like the FTC suggested) that allows me to use my GPS the way I want, and not the way the app writer decided.
Sig Battery depleted. Reverting to safe mode.
Nah, it really doesn't do it in any meaningful way, and doesn't provide the level of fine grained control that is needed.
Stock Android doesn't, but apps like P-Droid allow you to take as much control of your own phone as you want to.
"I've got more toys than Teruhisa Kitahara."
Or I could encourage the government I elected to force them to play by my rules.
Its not THEIR device, its MINE.
Sig Battery depleted. Reverting to safe mode.
Not universally true. Google'sbusiness model is to give away products (search, Android etc.) for free, then get their money from advertisers. You are the product.
For Apple and Blackberry, they make their money from selling you a phone. You are the customer.
This is reflected in the amount of privacy you get with the respective mobile phone platforms.
The biggest problem isn't that the applications don't disclose what they're accessing. There's also the problem that they don't disclose in detail. "May access the network", yeah, but for what? Knowing that it needs network access doesn't do me any good if I don't know what it needs it for or what it intends to do with it. Ditto "may access the SD card". Is it going to access it to store it's own data, or is it going to access it to scan other data?
And finally, even if all that's resolved, disclosure does no good when applications give you a take-it-or-leave-it approach: either give them 100% of everything they want or don't install them, even when a lot of what they want isn't required for them to run. The free version of a to-do list, for instance, would need network access to receive and display ads, but why would the paid-for ad-free version need it? Only to sync to a service like Google or Apple, and then only when the user chose to sync to a service. An IM program needs network access to run, without that it's kind of pointless. But access to my contacts? That may make it convenient, but my IM program does not need to see my phone's contact list to do it's job. At most it needs access to it's own contact list, which it would be getting from the IM servers when it logs on (otherwise things wouldn't stay in sync between clients). But still you're faced with either giving the IM program unrestricted access to something it doesn't need or not being able to use it at all. What's needed is disclosure of exactly why the program needs access and of why, if that access is required to install/run, the program cannot function without that access. Note that for that IM program, "It can't function without access to the contact list because I'm too lazy to write the code to maintain an app-specific contacts list." would be a perfectly acceptable disclosure. The reason doesn't have to be good, merely honest. Penalties for failure to follow the requirements? Well, you're making a fraudulent statement about your product. We already have penalties on the books for that.
And what would the government use their tax money for? No, I'd rather they didn't pay their taxes. Did you see today we invaded Africa (for like the 20th time this year) Paying your taxes, gives money to people that drop bombs on 3rd world families. Keep that in mind when you bitch at corporations that avoid them.
I really want a ban on places like Malls being able to install stuff that watches for my phone's unique identifiers to watch me move through the mall and returning to the mall. And I want a total ban on my phone company sharing anything about my movements or calls with anyone including police without a warrant and "trusted third parties" I don't trust any third parties so their aren't any "trusted third parties"
I should have a dashboard (just like the FTC suggested) that allows me to use my GPS the way I want, and not the way the app writer decided.
Good point. I've got a great privacy dashboard - it's part of Avast's security suite (which is free for Android users and which I HIGHLY recommend). I've actually always personally been in favor of using 3rd party applications for security options. I don't really like it when the product designer decides what I need in terms of security - I'd rather trust that to a specialty security company.
How many apps require your location in order to work?
Sure, if I have an app that will find a restaurant for me, maybe it needs to know at least my general location. I'm hungry, so I ask it where the restaurants are. The app should work. It's last known location for me was in Arkansas, so it gives me a map of Arkansas with hundreds of known good restaurants. I can narrow it down to southwest Arkansas, and it will zoom in some, giving me only a couple hundred restaurants. Or, I can tell it that I'm actually in Murphrysboro, at which point it will zoom, showing me the three to six restaurants in that town, and maybe flag another dozen of the better restaurants within a half hour drive.
My point is, the app should work with or without knowing my location. If it doesn't, then the app is not so much an "application" as it is a data harvesting tool.
Rand McNally Maps could locate restaurants for me a decade ago, with absolutely zero knowledge of where I was located at the time. RM Maps didn't have any mechanism by which it could communicate with RM headquarters, to inform them of my location.
Not only could RM locate restaurants, it could locate schools, churches, (handy for people planning hostage events?) parks, shopping centers, businesses, federal buildings (Timothy McVeigh?) and much much more. (I have little idea if RM Maps would have located bomb making facilities and supplies, or weapons dealers - I never thought to try it!)
Name an app that is actually necessary to day-to-day life, that actually NEEDS TO KNOW where I am, currently. I really can't imagine one.
Now, if I'm a stalker, or a predator, and I'm trying to keep tabs on my prey, then maybe such an app is truly useful. Say that maybe I've set my sights on 3 or 12 of the most beautiful little girls in my area, and I really want to know what they are wearing (if anything) where they are, and who they are with, then it would be very useful to me that the little idiots are blathering all those details to the world.
http://blog.laptopmag.com/look-whos-stalking-10-creepiest-apps-for-phones-facebook-more
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br