Tag Archives: iPhone

Have an iPhone? The apps you use may collect unnecessary data, experts say

WASHINGTON—Every time you use an app on you iPhone, the app is collecting data on you– that’s lots and lots of data. And experts say those bytes of information detailing your life, may not be needed to operate the application.

Initially, developers likely didn’t consider what information was needed to run the app,said Alan Butler, senior counsel at the Electronic Privacy Information Center. Instead, they built their programs to collect all of the data they could possibly need.

But that is the wrong approach, Butler said.

Beyond the type of information collected, app developers need to determine how long the information will be stored and how will it be kept secure, he said. The more data that is collected and stored, the great the threat for data breaches, Butler said.

So what data is being collected? Well, it depends on the company.

Some companies, like cell phone providers, automatically collect consumer information such as called numbers, times of calls, locations and cellular data usage.

Cell phone companies are limited in acting on automatically collected data. Companies can choose to archive and never use information or discard it after a certain amount of time said Paul Rosenzweig, author of Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World.

With all of the information collected in addition to how frequently users bring their phones with them, Rosenzweig said, “your cellphone is you.”

Rosenzweig likened the process to something called the mosaic theory. According to the theory a collection of small data points can create a picture more representative than each piece of information individually.

Smartphones play into this mosaic by contributing to the information available about a user, especially one who chooses to use social media.Rosenzweig said a comprehensive image can be created of any individual, in part by just interacting with some of iPhone’s applications.

With data collection comes increased responsibility

The relationship that an iPhone user has with the company’s application is a business one.“Sharing is something we do in kindergarten,” Butler said. But when a user gives information access to apps such as Snapchat, they are doing so under the assumption that their data is going to be used properly.

But when it’s not, what then?

Ensuring companies are using data for the right reasons is not an easy task, Butler said. That’s why EPIC supports a strong consumer bill of rights, guaranteeing consumers online protections, he added.

President Barack Obama has supported such legislation since 2012, but none of his efforts have made it out of Congress.

The administration’s 2015 proposal is scaled back in comparison to its 2012 approach, EPIC said in a March statement.  Not only does the proposal lack adequate consumer protections but may also burden businesses, EPIC said.

EPIC has a code of fair information practices, which is rooted in five principles–no personal record-keeping systems can be kept private, a person must be able to find out information recorded about them, prevent it from being used incorrectly, amend incorrect  information and organizations with collected data must protect against its misuse. EPIC suggests crafting better legislation that aligns  with its code.

WILLIAMSGILMOREAPPS(1)

Social network apps criticized for downloading data

WASHINGTON — Several social media companies came under fire last week after the discovery that they were downloading users’ full address books – without their knowledge or consent.

Programmer Arun Thampi discovered last week that Path, a social journal application, downloaded his entire iPhone address book, including names, phone numbers and email addresses, without his consent. Path executives responded by explaining that the data were used as part of a method to find other users on the network. They have since promised to delete the data and improve the transparency of their app.

Path, however, is far from the only social media app that downloads information without permission, according to a Los Angeles Times interview with Path CEO Dave Morin. Morin said downloading information this way “is currently the industry best practice and the App Store guidelines do not specifically discuss contact information.”

Twitter, a much more prominent social media network than Path, uses similar data collecting practices. According to the Times, Twitter executives confirmed that the “find friends” feature on the Twitter mobile app allows the company to download users’ entire address books, including email addresses and phone numbers, and  store them for up to 18 months.

On the Twitter mobile app, the “find friends” feature allows a user to “scan your contacts for people you already know on Twitter,” but does not inform users that their address book information is being downloaded.

In a statement, Twitter spokeswoman Carolyn Penner said new updates on the app would add transparency to the downloading process by “updating the language associated with Find Friends — to be more explicit. In place of ‘Scan your contacts,’ we will use “Upload your contacts” and “Import your contacts.”

The Path news also  brought scrutiny of Apple for its policy regarding apps that download user information. According to The Washington Post, the Android version of Path warned users about the information collection, while the Apple version did not.

The New York Times reported that according to Lookout, a mobile security company, more than 10 percent of free apps in the iTunes store had access to user contacts.

“What separates malicious use from legitimate use is the element of surprise. If a user is surprised, that’s a problem,” Kevin Mahaffey, Lookout’s chief technology officer, told The New York Times.

In response to these issues, Reps. Henry Waxman, D-Calif., and G.K. Butterfield, D-N.C., both members of the House Energy and Commerce committee, sent a letter to Apple questioning the implications of the company’s privacy standards.

The letter said the discovery of Path receiving information “raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts,” according to Reuters.

An Apple spokesman responded by suggesting that apps that collect user data without permission violate Apple guidelines, according to Reuters.

“We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release,” the spokesman told Reuters.