Privacy, a Price Paid for Technology?
"The difference between Technology and Slavery is that slaves are well aware that they are not free."
- Naseem Nicholas Taleb
By this Article, the author examines the privacy concerns faced by Internet users primarily when they use their mobile applications or more commonly referred to as apps. In today’s day and age, on account of the ease of using Wi-Fi and data packages, there is an increase in the availability and quantity of downloadable apps, which leads to privacy issues. People appear to be increasingly spending more time using mobile applications than they are browsing the mobile web. There are many apps available for your phone, and anyone, including kids, are rolling out apps, which has resulted in a range of free or low-priced choices. The difficulty arises from the fact that apps can collect all sorts of data and transmit it to the app-maker and third-party advertisers. It can subsequently be shared or sold. Moreover, mobile apps may also be infected with malware thus leading to bugs in your phone.
In December 2010, the Wall Street Journal investigated 101 apps to see what data the apps were sharing with advertisers. It found that 56 apps shared the phone’s unique ID number, 47 transmitted the phone’s location and 5 shared the user’s age and gender and other personal details (like a phone number or contacts list). The findings reveal the intrusive effort by online-tracking companies to gather personal data about people to flesh out detailed dossiers on them.
In March 2012, a lawsuit was filed against 18 of the world's largest and most influential technology and social networking companies including Facebook, Twitter, Apple, Yelp, and Path. The allegation was that these brands or entities have distributed and sold mobile apps that once installed harvest, upload and illegally steal the owner's address book data without the owner's knowledge or consent. The lawsuit followed in the wake of social networking service Path co-founder and CEO Dave Morin issuing a public apology after a Singapore-based programmer wrote a blog post describing how the company's journal application for iOS and Android-based phones was secretly collecting address book data. Path acknowledged that it had made a mistake in gathering the data but noted that the information was collected purely to improve the quality of the app.
It is not only the bigwigs like Path and Facebook that have the power of rummaging through your information. Even some offline games like Solitaire or an app as seemingly harmless as a flashlight, game or radio may have the ability to read and collect your text messages, contacts and know your location.
A July 2012 study by the mobile security company Lookout found that ads from advertising networks running on some apps might change smartphone settings and take contact information without your permission. The study tested 384,000 apps and found that 19,200 of those apps used malicious ad networks.
The privacy concerns over mobile apps appear to be steadily rising and evidenced by the hue and cry created over the alleged privacy violations by the augmented reality gaming app Pokémon Go. Unless you have been living under a rock, you would have heard of the gaming app. Earlier this month, the iOS version of the game causing privacy concerns over how much data it has access to, raised serious concerns in the mind of its users and non-users alike and took the world by storm.
Gamers who downloaded the Pokémon Go were given a scare, after noticing that the app had apparently been granted “full access” to their Google accounts. It started with a Tumblr post by Adam Reeve, who works for a security analytics firm that raised attention to the level of account permissions the game has by default, revealing that players who sign in through Google, automatically grant Pokémon Go developer Niantic Labs, access to the entirety of their account data.
At face value, the permissions would have represented a significant security vulnerability. The discovery sparked a wave of fear that playing the game might allow its developers, Niantic Labs, to read and send email, access, edit and delete documents in Google Drive and Google Photos, and access browser and maps histories. However, independent security researchers have confirmed that the episode is a result of a mislabeling and it was only a misleading entry. The wrongful entry occurred because Niantic Labs used an unsupported, out-of-date version of the sign-on process, that permission-granting step was skipped, prompting Google to default to warning users that the app had full access to their accounts.
It's interesting to see so many people getting hysterical about an app's overreach of permissions, and it is about time! As already established at the beginning of this article, no one seems to read or bother to understand the terms they agree to for apps and websites, even if they demand giving up your firstborn child as payment. Therefore, this apprehension shall ensure that internet users maintain a cautious approach while signing in to any mobile apps or websites.
However, apart from the technological privacy concerns, augmented reality apps are also being labeled as a disruptive technology. Either as a gamer or a mere witness of the hysteria, it is easy to see that this mobile app’s impact extends beyond the digital world and affects individuals or other segments of society, who may not even want to be part of the mania. The web has also been rife with concerns on the Poké Stops and Pokémon Gyms located at properties owned by people who have no idea that they have been selected and are forced to be part of the game. Notable examples of this have come from wide-ranging landmarks such as the Holocaust Museum and Arlington National Cemetery in the United States of America or concerns of individuals subjected to trespassing without their permission, and suddenly have 50 people show up because these places have now become part of a video game. These issues raise serious questions about where to draw a line on the issue of invasion of privacy.
In the words of John Poindexter, “I 'really' believe that we don’t have to make a trade-off between security and privacy. I think technology gives us the ability to have both.”
Regardless of its outcome, because of the hue and cry created over the Pokémon Go privacy concerns or the numerous lawsuits filed, everyone’s learned that signing in with your Google or Facebook account means giving some access to your personal details and information into someone else's hands. The privacy concerns get equated to situations where you just stop locking your front door and get over with it. More than before, it has now become essential that Internet users proceed with abundant caution. It is also imperative that our security's brightest minds and our government amount high level of scrutiny towards all apps and websites. In the past, the law has done a very uneven job of keeping up with the pace of change created by technology. The law needs to pull up its socks more so with the advent of augmented reality apps. It is evident that Pokémon Go or any of these augmented reality technologies would, in the coming days, have some serious legal issues and ramifications; but that discussion is for another day and time; right now, I have to rush to catch Pikachu running away from my room!