Smart phone, or pocket spy?

Mobile apps are gathering ever more data. Does this pose a risk to personal privacy, and business confidentiality?

Inside the Enterprise: Everyone likes free apps for their phones. That much is a given. But, in reality, we might be far less comfortable with the real price we pay for something that, on the face of it, appears to be free.

There are hundreds, if not thousands, of free programs both on the Apple and Android app stores, covering everything from casual gaming and entertainment to collaboration and productivity. It's quite possible to equip a smartphone or tablet with a powerful suite of business software without paying a single penny, and to rival a laptop for under 50.

As AVG's CEO, JR Smith, pointed out at a privacy debate at this year's Mobile World Congress, it is hardly a choice if the only option presented to a consumer is to consent to data collection, or to not install the app at all. 

But some of these apps hide somewhat of a dirty little secret: they are paid for, not with cash, but with your personal data.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Smartphone apps are now coming under a great deal of scrutiny. There's just one reason for this. It's because of the information they collect. Some of that data collection might seem sensible enough: performance information about the software and any bugs, for example. And few users would question it if a navigation application wanted to track their location.

Unfortunately, some apps go much further, collecting large volumes of wide-ranging data. Some of this is highly personal; some of it could become personal if it were combined with other information.

Apple, for example, has been clamping down on applications using an identifying code in each of its devices the UDID due in part to worries about how the UDID is being combined with location and personal data to create a picture of the user that goes far beyond Apple's need to track the performance of its devices.

This type of data collection can lead to "jigsaw identification" of individual phone or tablet users, and their habits. And privacy regulators are increasingly worried that people downloading applications do not really understand the data they are trading in exchange for free software, and that software developers are not giving consumers the chance to make an informed choice.

A survey carried out by the Mobile Entertainment Forum (MEF) and AVG, an IT security vendor, found that only 37 per cent of consumers are comfortable sharing data with applications. And, as AVG's CEO, JR Smith, pointed out at a privacy debate at this year's Mobile World Congress, it is hardly a choice if the only option presented to a consumer is to consent to data collection, or to not install the app at all.

In some cases, app developers are setting out to use data, or user-generated content, to "monetise" their software such as in the recent controversy over photo-sharing app Instagram.

Advertisement - Article continues below

In other cases, app developers are simply trying to future-proof their software by trying to gather information that might be useful for new versions. It is easier, they argue, to ask for catch-all permissions now than to go back to the user and ask again.

On a personal level, the privacy worries this raises are understandable. For businesses, though, apps' data gathering policies need even greater scrutiny. If an app collects location information and knows when a salesperson uses CRM, to take one example, it could work out where a firm's customers are. Worse still, it could track their staff and what they're up to.

Until the smartphone software industry is clearer about the data it collects, and why, businesses should at the very least read those T&Cs before they click "install".

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020