Privacy Concerns: Survey Says!

A recent survey by the Pew Research Center found that the majority of mobile phone users have uninstalled or avoided apps due to privacy concerns. According to the report:

  • 54% of mobile users have decided to not install an app after discovering the amount of information it collect
  • 30% of mobile users uninstalled an app after discovering that it was collecting personal information that they didn’t wish to share.

Owners of Android and iPhone devices are also equally likely to delete (or avoid entirely) cell phone apps due to concerns over their personal information. Interestingly, younger cellphone users were also twice as likely as older users to report that “someone has accessed phone in a way that felt like privacy invasion.” This poll follows another survey by Pew that found that users were becoming more active in managing their social media accounts.

This is definitely a positive trend that I am following. There is however a serious artificial obstacle I’ll point out. It is the smartphone network carriers control over our devices. Isn’t it interesting how you are required to purchase hardware which is yours but you cannot manage the bundled application on it? The carriers deliberately prevent you from uninstalling their bloatware and spyware. For instance, my Verizon Android based phone comes with several applications that are related to other companies such as Amazon’s MP3 or Kindle services and Blockbuster’s movie application. Did you know that these applications are granted permission to retrieve your sensitive log data? Why are any of those applications relevant to Verizon providing me with connectivity that I pay for? Rhetorical question I know!

There is action we can take as consumers to protect our privacy and gain legitimate control over our property.

How about:

  • File an FCC complaint? I did and we shall see what they say about it. The reference number is 12-C00424348 by the way.
  • Root your smartphone? This may be too technical for most but it does give you absolute power of your hardware. The carriers will void your warranty and banish you from their kingdom should they discover that you have done so. I cannot confirm nor deny that my smartphone is rooted.
  • Remain the victim? It’s never my choice but you might resolve yourself to accepting the carrier induced fate and hope that they don’t mishandled your personal and sensitive information.

Here are some more details from the survey; enjoy!

 Updates!

Verizon did indeed respond to my FCC complaint as I predicted they would. The carriers seem to actually respond to FCC complaints expeditiously and that mechanism has become the stone in my David vs Goliath repetiteur. My FCC complaint was focused on my privacy and less about being forced to accept bloat-ware on my hardware.

I started with one of Verizon’s elite problem solving case workers who quickly realized two things. First, that her continued efforts to warp the issue from a personal privacy and security complaint into a consumer tear about bloat-ware. Nice try, but I was not born yesterday! Her second attempt was to bring into the call a bubbly “senior” technical support representative who could assuage my concerns with his lofty techno-babble. Nice try again and once I permitted him time to state his case, I pounced.

He asserted that applications on your phone all run in a sandbox and there is no way for them to break out and get access to anything outside of the service parameters the application owner permits. I would agree! Have you ever examined what the application permissions really look like? Here is the most current permissions required to operate the lowly Amazon MP3 player:

USE THE AUTHENTICATION CREDENTIALS OF AN ACCOUNT
Allows the app to request authentication tokens. (Really? Which account exactly?)

ACT AS AN ACCOUNT AUTHENTICATOR
Allows the app to use the account authenticator capabilities of the AccountManager, including creating accounts and getting and setting their passwords.

MANAGE THE ACCOUNTS LIST
Allows the app to perform operations like adding and removing accounts, and deleting their password.

NETWORK COMMUNICATION

FULL INTERNET ACCESS
Allows the app to create network sockets. (While this is understandable, it should only be used during actual usage which is not the case. The application phones home frequently.)

YOUR PERSONAL INFORMATION

READ SENSITIVE LOG DATA
Allows the app to read from the system’s various log files. This allows it to discover general information about what you are doing with the tablet, potentially including personal or private information. Allows the app to read from the system’s various log files. This allows it to discover general information about what you are doing with the phone, potentially including personal or private information. (Seriously! Sure, have unfettered access to harvest any information from my device.)

PHONE CALLS

READ PHONE STATE AND IDENTITY
Allows the app to access the phone features of the device. An app with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like. (Yep! Full tracking of my identity and locations, etc. all with my permission.)

STORAGE

MODIFY/DELETE USB STORAGE CONTENTS MODIFY/DELETE SD CARD CONTENTS
Allows the app to write to the USB storage. Allows the app to write to the SD card.

SYSTEM TOOLS

CHANGE WI-FI STATE
Allows the app to connect to and disconnect from Wi-Fi access points, and to make changes to configured Wi-Fi networks.

PREVENT TABLET FROM SLEEPING PREVENT PHONE FROM SLEEPING
Allows the app to prevent the tablet from going to sleep. Allows the app to prevent the phone from going to sleep.

Furthermore, the usage policy includes the following language:

“Our Use of Your Files to Provide the Service. We may use, access, and retain Your Files in order to provide the Service to you and enforce the terms of the Agreement, and you give us all permissions we need to do so. These permissions include, for example, the rights to copy Your Files for backup purposes, modify Your Files to enable access in different formats, and access Your Files to provide technical support.”

Now, the Verizon representative did his best authoritative impersonation and continued to assert that even though the end user is forced to accept the application conditions, that there is no cause for concern. The applications must be actually used before any of my concerns might actually be validated.

Now wait a minute! When a consumer is forced to accept the permissions on an application they cannot remove without rooting the device and voiding the warranty, the stage is set for a privacy and security threat to the consumer. The application would need to be executed then right? Well, if you check out the applications properties, I’d wager it’s running in the background. So Verizon Uber-Tech, explain to me why I should not be concerned about an application with excessive permissions running actively on my device and I cannot uninstall it? I was told to “trust us”, there is nothing heinous going on to worry about.

My FCC case is unresolved.