Go to Top

Smartphone data: How companies can access your private information

smartphone

It is amazing; for almost every need, there’s an app you can install on your smartphone – games, navigation, editors, barcode readers, messaging – there’s hardly a topic that isn’t covered.  Since almost everything can be installed for free, how do developers finance these programs?

The financing for free apps works on the one hand, of course, by advertising.  If you don’t want to see advertisements, there is typically a version you can pay for. On the other hand, for a free app, the flow of money is not as evident – and this is where the sale of private data begins.

The question arises, with which data money can be earned?  What is so interesting about my private information that someone wants to spend anything at all?  Here again, advertising comes into play. The combination of name, telephone number, and address is already worth something.  If there are tens of thousands of contacts available, a pretty penny is due.  If there is a motion profile created over a longer period of time, plus search queries from Google, Amazon purchases, and travel bookings, clever algorithms can predict the plans and consumer wishes of the respective user.  Accordingly, they receive personalized advertising. The success rate of this type of advertising is very high.

So, how do data collectors get information that is stored on our smartphones?  Are Trojans or an illegal spying program used?  Not at all!  We ourselves give the developers of the apps the permission to retrieve the data – and much more.

If you want to install an app, you must give the program certain permissions to perform its service.  A navigation application must be able to access GPS.  Anyone who wants to take a picture must allow the app to use the camera, that’s logical. If, however, a flashlight app would like to have the right to send an SMS, or to use a camera and microphone or to access the contact data base, a red warning light should go on in your brain. With these permissions (and corresponding comments in the Terms of Service), the company, which developed this app, can send data to its own (and also foreign) servers – unintentionally and in the background.

The Center for European Economic Research (ZEW) has researched about this topic and investigated apps within the Google Play Store. The result: every second free app can only be installed if its access to sensitive information is granted. The researchers identified 136 different rights that the apps demand, 14 of them must be regarded as problematic for the protection of privacy. You can read the study here.  What these different app rights mean and what consequences they have in everyday life is explained here.

Internet access

An app, which has Internet access, can send data anywhere, anytime.

Phone

With this privilege, apps can dial phone numbers without the user of the smartphone being aware of it.  Some apps – for example, Skype – require authorization.  If, however, an application, which really has nothing to do with telephone calls, requires this right, one should do without it.

SMS

This allows the app to send SMS messages. Malicious apps could complete subscriptions via SMS – high costs included.

Photos / Media / Files

When an app gets this permission, it can access the entire memory, read, edit, and delete data.  However, many apps require this permission to store their own settings. If an app also receives Internet access, it could upload the photos stored on the smartphone to the Internet.

Contacts

This allows an app to access the stored contacts. SMS apps, address books, and social networks need this, and they’re usually unnecessary for other apps.

Device and app history

With this permission, the app can track the complete smartphone activity in real-time.  Some apps require this permission to send bug reports to the developers.

Location

The authorization is necessary for navigation and location-based apps.  However, motion profiles can be created by the data sent.

Identity

This allows the app to find out which user accounts exist and how they are connected. Apps with this permission are allowed to read and modify the contact card on which the phone number, and sometimes, the picture are located.

Record pictures and videos

This permission can turn the smartphone into a surveillance camera.

Conclusion

Before you install an app, it’s recommended that you read what authorization is required.  If these are too extensive, another app should be selected.  After installation, you can also find out about the necessary permissions of your installed apps in the application manager (just look at the long permission list).  In general, one should consider the trade-offs of whether or not it’s better to pay the small amount for a paid app, which solves the problem of “data stealing” free apps.

 

Picture copyright: Peter Freitag / pixelio.de

Leave a Reply

Your email address will not be published. Required fields are marked *