Sophos Cloud Optix
Privacy when using potentially data-leaking mobile phone apps is concern Numero Uno for 22% of smartphone users, according to a new study.
Privacy, it seems, trumps screen size, camera resolution, or whether a given handset weighs enough to bend your wrist in half.
The report – the TRUSTe 2013 Consumer Data Privacy Study, Mobile Edition – surveyed 700 US smartphone users from 12-19 June, 2013.
Privacy concern weighs in second only to battery life, which ranks as the primary concern for 46% of users.
Smaller slices of the surveyed are primarily concerned with brand or screen size, each of which is the primary concern for 9%.
Nearly 8 out of 10 smartphone users in the US steer clear of downloading apps they don’t trust.
Let us now spend some time nagging the 20% who don’t.
Dear Twenty-Percenter: If you’re not quite sure what a dodgy mobile app looks like, Sophos’ Paul Ducklin draws a pretty picture of one subset here, that being Android scareware. Scareware, also known as fake anti-virus, tricks you into paying money by pretending to find threats such as viruses and Trojans on your computer – or, in this particular case, your Android smartphone.
The study also found that the majority of those surveyed dislike the notion of being tracked, though nearly a third of smartphone users aren’t even aware of when it’s happening.
Security experts who’ve been warning about the risks to privacy from smartphones can take heart in the study’s finding that a sizable number of users – 48% – are now as worried about privacy on their smartphones as they are about privacy on their desktops.
Meanwhile, 63% worry “frequently or always” about privacy when banking online. (Hmmm…. OK…. but, given that we’re talking about our bank accounts, shouldn’t 100% of people worry – or at least consider the risks – all the time?)
Another 43% of smartphone users are choosing not to sell privacy down the river in exchange for a free or lower-cost app.
Interestingly enough, the number of smartphone users willing to share at least some information is creeping up.
More people are also willing to share age, full name and their web-surfing behavior.
On the other hand, people are increasingly cagey about their contacts and photos – more so than their home address, phone number or current location.
That might have something to do with revelations such as those from February 2012, when social media iPhone apps Path and Hipster were found to be uploading user address book information without permission.
The TRUSTe study also found that US smartphone users are actively managing their mobile privacy, with 76% saying that they themselves are ultimately most responsible for managing their privacy.
On top of that, 40% say they check for an app’s privacy policy, 35% say they actually read such privacy policies, and a growing number – 29% – check for a trustmark or seal.
It’s certainly a good idea for us all to take privacy into our own hands, because experience shows that our internet overlords often take a casual approach to letting us know how they handle our oh-so-tasty, revenue-generating data.
An example: at least as recently as the Path and Hipster revelations, Apple’s iOS permission system wasn’t providing notification of what information an app might have been sending to its keepers, aside from location information.
Here’s hoping that the numbers for people who check for an app’s privacy policy and then the smaller number who actually read it continue to grow.
(Want to see what apps are eating into your Android’s privacy? Check out the totally free, 4.5-star rated Sophos Mobile Security app!)
Image of people with smartphones and smartphone privacy courtesy of Shutterstock.
"On the other hand, people are increasingly cagey about their contacts and photos". are you aware that pictures are accessible without permission on android?
I just wish my android phone did not come with some much un-removable crap-ware that there is no room for a security app!
But adroid is linux under the skin – so how can I get control of the damned thing?
No room for a security app? Are you sure? (Try Sophos's one, linked to above, and see.)
If you really want to simplify your Android device, you could flash a vanilla AOSP (Android Open Source Project) build over it. If your handset can take it. You then need to install the basic Google apps on top (they are not open source) if you want functionality like the Play Store.
With a build you control, you can use a program like Titanium Backup to remove *any* package, including system ones. At your own risk – strip off too much and you may have to start over because things will implode.
I do that to get rid of the stuff I simply never use, like hoopy screensavers, Gmail, Google+, Calendar and more.
A rooted AOSP build is great fun, but things you may have got used or require may be missing, or not working, and the risk of problems is higher.
Horses, as they say, for courses.
Also, be prepared to spend a rainy weekend reinstalling Android builds over and over until you find a good one.
Oh, and get the official Google-built firmware for your device first. Just in case. And bear in mind that the worst that can happen is that you will ruin your phone.
Over to you…
Got it on!
Using a Motorola Mini Defy with 146MB used by the system and crap-ware, 19MB free
(1.72GB available on the SD card)
Android 2.8.6
Kernal 2.6.38.6+
As for “flashing my phone”, I would like to get rid of crap-ware like facebook, & twitter ETC. but am not as confident about fiddling with a phone that appears to be locked more than my netbook which I have re-linuxed three times. Any suggestions for a reliable guide? Can you test/build a set up in something like Virtual Box on a PC (Android 4.0 installs as a form of Linux 2.6)
This story, along with yesterday’s NY Times story, “The Border Is a Back Door for U.S. Device Searches,” tells us that we should keep as little data on cell phones as possible. Before leaving for the airport, wipe your mobile devices clean and transfer everything to a private cloud and you can restore everything once you arrive at your destination.
Got my first smartphone recently and a lot of the permissions many apps require make me uncomfortable and ultimately put me off installing unless I trust the author. I didn't expect it to be so commonplace for alarm clock, flashlight or calendar apps, for example, to need your location and identity. I was curious why the Sophos app needed some of the permissions it does so thanks for the detailed explanation.
I don't see how it makes sense for a flashlight app to need your location or identity. I can see location possibly being relevant for alarm clock and calendar apps if they're using your location to automatically take time zone information into account when scheduling appointments or ringing your alarm. Imagine flying from Seattle to Orlando, your alarm is set for 7:00am, but doesn't ring until 10:00am local time because you forgot to account for the different time zone. Oops.
I have to say this is one thing that my Windows phone does remarkably well. Before installing any app it tells you exactly what that app is requesting permission to use and if you want to accept or deny it. I've definitely walked away from a few free apps because I didn't like what they were asking for.
What I'd like to know is how users know to trust or not trust an app or its author. OK if you personally know the author, and maybe those with knowledge can make a judgement on the permissions sought, but I can't believe that most users have any skill in this judgement. So these statistics may be a fool's paradise.