Privacy in the traditional sense has been described as controlling knowledge about oneself (Introna, 1997, p. 262). Its about having control over whom, when and how others can obtain information about someone.
Technology today allows users to store their personal data and, in particular, smartphones allow users to talk, store photos, play games, get directions and browse the Internet (Urban, Hoofnagle, & Li, 2012, p. 4). They are becoming central for communication and information needs (Butler, 2011, p. 5). Though smartphones are not so smart without third party applications (apps). What many users of apps on smartphones are unaware of is that apps often need to be granted permission to access private data on these devices to implement their core features (Butler, 2011, p. 5). But what exactly do these apps need to access to function and what is purely an invasion of privacy? This essay attempts to explain how there is no privacy online by using the example of smartphones, their applications, and how two major operating systems (OS) on these devices attempt to ease and/or aggravate the invasion of users personal information.
“Every day, during the course of our usual activities online, we willingly surrender privacy without giving much thought to the consequences of doing so.” (Kent, 2013)
This is ever so present with smartphones, which have been described as having the same computing power with similar capabilities as the PCs of a decade ago (Butler, 2011, p. 5). They can store sensitive personal data, contact lists, financial information, physical location information, and sensor data information (Egelman, Felt, & Wagner, 2012, p. 1). They record users associations with other people, their locations, what they have read and their thoughts about the world (Urban, Hoofnagle, & Li, 2012, p. 4). Users can store a lot of information about themselves and their whereabouts with very little effort, and consider the information stored on these devices as private (Urban, Hoofnagle, & Li, 2012, p. 2). Smartphones are a rich repository of memories and content that chronicles its users lives. They are an archive of the users personally identifiable information ( Boyles , Smith, & Madden , 2012, p. 5).
Apps are little applications that run computer programs on mobile devices such as smartphones (WebWise Team, 2012). Apps are usually developed by a third party and downloaded from an app store (Benenson, Gassmann, & Reinfelder, 2013). They talk over the Internet, just like a browser does on a PC (Thompson, 2013). Some apps require access to personal data from the users smartphone to function, such as phone and email contacts, call logs, Internet history, calendar events, the devices location and how the user uses the app itself. This information is transmitted to the apps developer and can sometimes be shared or sold to third party advertisers (Clearinghouse, 2013). Users may have limited information about what the app is collecting from them, or the apps hidden functionalities (Benenson, Gassmann, & Reinfelder, 2013).
“When users choose a smartphone, they also choose a risk communication strategy for the possible security and privacy risks” (Benenson & Reinfelder, 2013, p. 1). There are two major OS players in the smartphone market. Android OS, which is an open source and source code release by Google under the Apache license, and Apple’s iOS, which have authentication procedures to protect their users (Ahmad, Musa , Nadarajah , Hassan, & Othman, 2013, pp. 1-2). Android users are generally tech savvy males where Apple iOS users are said to be loyal and brand-aware (Benenson, Gassmann, & Reinfelder, 2013). Both of these OS offer essentially the same products, but they both operate differently in the way they handle users personal data and apps.
Android OS is an open source market where app developers don’t need to go through an approval process to get their apps onto the Android app store (Butler, 2011, p. 6). Anyone can develop and distribute for this OS via the official Google Play store or anywhere else on the Internet (Benenson, Gassmann, & Reinfelder, 2013). Android OS is an easy target for malware, which is short for malicious software used to collect private information to be used in malicious activities (Website Defender, 2013). Many users believed that Google reviewed apps before they entered the Google Play store and were under a false impression that they were safe using these apps on their devices (Benenson, Gassmann, & Reinfelder, 2013). Users are at risk of being exposed to these malware apps and they can access private data found on Android smartphones. Google relies on users to set security on each application during installation time (Ahmad, Musa , Nadarajah , Hassan, & Othman, 2013, p. 1), where a permission screen is shown to the user who must agree with all the permission requests in order to install the app (Benenson, Gassmann, & Reinfelder, 2013). “Permissions govern an application’s ability to perform actions on a phone that make use of either personal data or sensor hardware.” (Egelman, Felt, & Wagner, 2012, p. 2). These permissions, however, cannot be selectively granted or denied (Egelman, Felt, & Wagner, 2012, p. 3). It’s all or nothing. Android OS appeals to the open source community and allows its users more control over their devices (Benenson & Reinfelder, 2013, p. 1).
Apple iOS, however, only allows subscribers of their Developer Program to distribute through the official App Store (Benenson, Gassmann, & Reinfelder, 2013). Apple scrutinizes all apps and if they comply with their licensing agreement, they are accepted and then made available for users to install on their devices (Ahmad, Musa , Nadarajah , Hassan, & Othman, 2013). This means apps available through the App Store should not have any malicious functionally. The Apple tradition is that its users “trust” Apple to protect their personal information. Their strict control over the iOS apps gives users a secure feeling without having to go into technical detail (Benenson & Reinfelder, 2013, p. 1). iOS users are given runtime consent for data permissions and can customize their data disclosure policies by altering their privacy settings on their device (Benenson, Gassmann, & Reinfelder, 2013).
Android and Apple iOS have chosen two different ways to inform their users of the security and privacy risks when installing apps onto their devices (Benenson & Reinfelder, 2013, p. 1) “Differences in security and privacy risk perceptions of Android and iOS users seem to be connected to the different way in which Apple and Google shape risk communication.” (Benenson & Reinfelder, 2013, p. 2). Depending on the smartphones OS configuration, apps are capable of collecting information directly from user input or by collecting information stored in other apps that are installed on the device (Urban, Hoofnagle, & Li, 2012, p. 15). Many smartphone users underestimate the likelihood of their privacy being abused, but are still willingly trading private information for convenience, functionality or financial gains when it comes to installing apps onto their devices (Egelman, Felt, & Wagner, 2012, p. 6). iOS users are more laid back about the possible privacy risks when installing apps, as apposed to Android users. Though Android users would be better informed about which data types and critical actions are used by apps through the permissions shown during the installation process (Benenson & Reinfelder, 2013, p. 1).
In a research study conducted by the Pew Research Center in 2012 on Privacy and Data Management on Mobile Devices, a key finding of the study showed that “more than half of app users have uninstalled or avoided an app due to concerns about personal information” ( Boyles , Smith, & Madden , 2012, p. 2). 54% of app users did not install an app after they discovered how much personal information would be shared in order to use it. Also 30% of app users have uninstalled an existing app on their devices after learning how much personal information that app was collecting about them ( Boyles , Smith, & Madden , 2012, p. 2). These results were not bias to what OS they used on their smartphones. The survey also states that one in five users have turned off location tracking features on their devices ( Boyles , Smith, & Madden , 2012, p. 8).
Location tracking (also known as geolocation) in smartphones uses multiple technologies, such as Global Positioning Systems (GPS), Wi-Fi triangulation and communication tower identification (Clearinghouse, 2013). These technologies allow apps to know the smartphones location. This information might have a useful purpose like providing accurate travel directions, though some apps use this information for behavioral marketing purposes (Clearinghouse, 2013). This technology can also be used to locate users in the event of an emergency (Van Hal, 2013, p. 716). Most users are not aware that every time they make a location request or even use an app, the device records where they are (Van Hal, 2013, p. 714). The geolocation information stored on smartphones can reveal the users work habits, travel patterns and physical location at any time (Van Hal, 2013, p. 726). This information can be collected without the knowledge of the user (Urban, Hoofnagle, & Li, 2012, p. 19). Both Android and Apple iOS have collected geolocation information without the knowledge of their users (Van Hal, 2013, p. 719).
“App developers for either platform can earn money by integrating ad networks into their apps” (Benenson, Gassmann, & Reinfelder, 2013). Information that was once difficult and expensive to ascertain and catalogue is now becoming available to companies at a click of a button (Van Hal, 2013, p. 713). As users freely offer up their personal data, app developers may be selling the information it collects to other third parties, such as advertising and marketing agencies. This often leads to targeted advertising that make use of personal information such as age, gender and location (Egelman, Felt, & Wagner, 2012, p. 5). Many of these apps can also track the users activities (Van Hal, 2013, p. 716).
Though users can help to limit the information collected by app developers. Many users opt to pay for apps, rather than installing free versions, to help withhold personal information from advertisers” (Egelman, Felt, & Wagner, 2012, p. 4). “Past research has established that free applications request more permissions than paid applications because many free applications share user data with advertising networks to generate revenue” (Egelman, Felt, & Wagner, 2012, p. 4).
With all this personal information that is being collected and accessed on smartphones, the definition of “privacy” cannot be so easily defined. Controlling knowledge about oneself is becoming increasingly difficult as technologies, such as smartphones, grow in popularity. Gone are the days when mobile devices simply made and received phone calls (Van Hal, 2013, p. 715). Smartphones allow users to have access to the Internet at anytime and any place.
Traditional privacy meant having no access to a persons personal realm, having control over personal information and being free from judgment and scrutiny (Introna, 1997, pp. 261-262). Privacy entitles one to be excluded from being watched, utilized or to protect their personal realm from being invaded (Introna, 1997, p. 262). Privacy is somewhere that one can be free from judgment of others (Introna, 1997, pp. 260-261). It is the ability to control whom and when information about us can be shared with others (Introna, 1997, p. 263). In the offline world this form of privacy can possibly be achieved. But as our online activities seep into our offline lives, privacy becomes tricky to ascertain.
So far from what can be understood about smartphones and apps is that app developers are invading users privacy. “It’s hardly news in this era of information rich technology that privacy is gradually being eroded, or that our digital profiles are being converted to all kinds of uses, without us having much idea of exactly what’s going on” (Thompson, 2013). As mentioned earlier, apps access what would be private information such as phone contacts, physical location and personal thoughts. Regardless of weather or not a user reads the terms and conditions (or permissions) when installing an app onto their device, they are granting access to these apps to use their personal information if they accept these terms (permissions). It is like app developers have made the terms and conditions 10 or 15 pages long deliberately so users wont read them (Thompson, 2013). It is up to individual users to be responsible for protecting their privacy (Van Hal, 2013, p. 723). It is the duty of the user to increase their privacy by “closing doors or drawing shades” on their devices (Chow, 2013, p. 68).
There is no privacy online, no matter how much a user tries to protect them from prying third parties. Smartphone technology requires the use of private data collected on these devices to allow apps to function. Weather it be for travel directions, finding friends on social media, or tagging photos taken on the device for future referencing. However, users can ease the amount of access they give app developers by reading the permission and terms upon installation, uninstall apps that they feel access too much information, pay for a version of an app if there is one available, turn off features users believe are not required for the app to function, and chose an OS that they believe will help them to protect their information. It’s up to the user to take responsibility of their privacy and to prevent intrusion from third parties (Van Hal, 2013, p. 723). Smartphone owners need to be active in managing their data to avoid exposure to their privacy ( Boyles , Smith, & Madden , 2012, p. 3).
Boyles , J., Smith, A., & Madden , M. (2012). Privacy and Data Management on Mobile Devices. Pew Research Center’s Internet & American Life Project.
Ahmad, M., Musa , N., Nadarajah , R., Hassan, R., & Othman, N. (2013). Comparison Between Android and iOS Operating System in terms of Security. Information Technology in Asia (CITA), 2013 8th International Conference, (pp. 1-4). Kota Samarahan, Malaysia.
Benenson, Z., & Reinfelder, L. (2013). Should the Users be Informed? On Differences in Risk Perception between Android and iPhone Users. Symposium on Usable Privacy and Security (SOUPS) 2013, (pp. 1-2). Newcastle UK.
Benenson, Z., Gassmann, F., & Reinfelder, L. (2013). Android and iOS Users’ Differences concerning Security and Privacy. CHI ’13 Extended Abstracts on Human Factors in Computing Systems (pp. 817-822). New York: ACM.
Butler, M. (2011). Android: Changing the Mobile Landscape. PERVASIVE computing , 4-7.
Chow, R. (2013). Why-spy? An analysis of privacy and geolocation in the wake of the 2010 Google “Wi-Spy” controversy. Rutgers Computer & Technology Law Journal , 39, 56-94.
Clearinghouse, P. R. (2013 йил 1-July). Privacy and the Internet: Travelling in Cyberspace Safely. Retrieved 2013 йил 2013-September from Privacy Rights Clearinghouse: http://www.privacyrights.org/fs/fs18-cyb.htm
Egelman, S., Felt, A., & Wagner, D. (2012). Choice Architecture and Smartphone Privacy: There’s A Price for That. WEIS 2012, (pp. 1-27).
Introna, L. (1997). Privacy and the computer: why we need privacy in the information society. . Metaphilosophy , 28 (3), 259-275.
Thompson, G. (Producer), & O’Brien, K. (Director). (2013). In Google We Trust [Motion Picture]. Australia.
Urban, J., Hoofnagle, C., & Li, S. (2012). Mobile Phones and Privacy. Berkeley.
Van Hal, T. (2013). Taming the Golden Goose: Private Companies, Consumer Geolocation Data, and the Need for a Class Action Regime for Privacy Protection. Vanderbilt Journal of Entertainment and Technology Law , 15 (3), 713-752.
Website Defender. (2013). What is Malware? Retrieved 11 16, 2013, from Website Defender: http://www.websitedefender.com/what-is-malware/
WebWise Team. (2012, October). WebWise – What are apps? Retrieved November 15, 2013, from BBC: http://www.bbc.co.uk/webwise/guides/what-are-apps