Russ Harvey Consulting - Computer and Internet Services

Mobile Security

Vulnerabilities in Mobile Devices

Privacy | Spam & Deception | We're No Safer | Tighten Security

When this site was first launched, the Internet was a relatively-new concept for the majority of people. Few businesses and even fewer individuals had a website. Facebook and Twitter didn't exist.

Traditionally, software was installed onto a computer and the data was stored there as well. References to a “mobile device” meant a laptop.

The New Mobile Reality

Today's mobile devices, by their very nature, are not fixed. Data is often stored in the “cloud” and is available to other applications and services you've permitted to have access to it.

Windows 10 a Privacy Nightmare

Windows 10, Microsoft's newest operating system, focuses on the needs of mobile devices and is itself a cloud-based SaaS (Software as a Service). Major updates often reset settings to unsafe defaults making Windows 10 a privacy nightmare.

iOS Vulnerabilities

iOS apps may be vulnerable to silent man-in-the-middle attacks (where a nefarious third party can intercept the communication and steal data).

Android Updates

While Google regularly updates the Android OS, manufacturers are free to deny the upgrades on their devices, leaving you vulnerable to known weaknesses to create an artificial need to upgrade your hardware regularly.

It was recently revealed that spyware program was installed on more than 700 million Android smartphones and was collecting information and sending it to China.

Helping You Make Better Decisions

It is hard to remember a time we didn't all have these devices. We text, talk and share on the go, often without thinking about the consequences.

This page is designed to educate you about the inherent risks that go along with the freedoms these devices provide and to help you to make better decisions about the software you use.

Privacy on Mobile Devices

Combined Services Share User Data

Microsoft, Apple and others are on a buying spree. The information from that purchased service is being accessed by the new parent company and privacy policies change to suit the new owner.

Often it is the user base that is the reason for the purchase even more than the technology. For example, Microsoft probably acquired LinkedIn to access the wealth of user data as much as providing a social media platform.

Apps Abusing Access to Your Data

You need to be careful about how much information you provide and determine if it is really necessary and in your best interest for the sake of saving a few seconds.

Don't Use Facebook to Log into Services

When you see the option to use your Facebook account to log into a service rather than creating a unique ID it provides access to your Facebook profile and more to that third-party (much more than they'd get if you login using a unique ID).

While convenient, it is better to segregate this information by using a unique user name and password for each service you use. LastPass can track these for you and generate new passwords on the fly and it works on mobile devices.

Be Selective in Permitting Access

When an app requests access to your contacts, photos, etc. you need to determine if that access is necessary for the app to provide the functions you're requesting and how that data is going to be used. In most cases it is used to generate advertising profiles to sell you to their advertisers.

You're probably better off finding another app that doesn't want to abuse your privacy.

Don't Give Apps Unnecessary Access

This information is worth billions yet many folks have been unaware of how valuable the price they've paid for their “free” apps. This has made it much harder to take back control of our privacy.

Apps collect information about their users. Developers often say that they collect information to create enhanced functionality in their app or to deliver a better user experience. But more often than not, its not easily understood why certain apps need all the information they collect.

Think about it like this — why in the world does your calorie tracker need to access your contacts? And really, why does your flashlight app need to know your location?

Recently the FTC called out flashlight apps on both iOS and Android platforms for collecting unnecessary information – both were guilty of being built to track location and access calendars, contacts and unique identifying factors. The settings also allowed them to share all that information with third party ad networks. Yikes — All that, just for a flashlight! — ZoneAlarm Blog

Mobile Location Analytics

By tracking cell phones, Mobile Location Analytics (MLA) technologies allow facilities to learn about traffic patterns within their venues including how long people stand in line.

While this information could benefit the user, it also invades their privacy.

Learn more at MLA Opt Out.

More About Privacy in the Mobile World

Return to top

Spam & Deception

Dealing with Spam

“Protect your Devices” infographic

Spam and deceptive advertising are rampant in mobile computing.

From the ads running in the free apps we download to the misleading links on our Facebook feed, we are being bombarded with misinformation.

With the exploding use of small devices like cell phones and tablets (both in addition to and in replacement of computers), advertisers have been determined to penetrate that new market.

CASL prohibits anyone from installing software—including updates—on your electronic devices without your consent.

It also applies to updates and upgrades installed by somebody else, even if you installed the original software. — Canada's Anti-Spam Legislation

Deceptive Software

Edward Snowden revealed that the US government was capturing and storing information from our Internet, phone and other electronic interactions using a number of programs designed to avoid congressional oversight.

The Five Eyes coalition, China and other nations were also involved in spying on the world's citizens.

Deceptive Services

Facebook is known for allowing deceptive advertising links on their newsfeed. Not only do they obfuscate these links so the user cannot determine where they'll take them without clicking on the link, but state that they are unable to monitor these deceptive practices.

Facebook allows a wide mass of its users the freedom to spread fake news (which they won't regulate), while simultaneously working to prevent another group from sharing actual news. — Mashable

Interestingly enough, Facebook guaranteed the Chinese government that they will be able to control content unapproved for their population in order to keep Facebook from being blocked in China.

Return to top

We're No Safer

Police and spy agencies now gather massive amounts of our private information.

When questioned, these officials often use terrorism or child pornography to excuse this behaviour.

We allowed our governments to introduce legislation that traded our privacy for “protection” against terrorists, yet we are no safer. They want even more.

I don't want to live in a world where everything I say, everything I do, everyone I talk to, every expression of creativity and love or friendship is recorded. — Edward Snowden

Few Successes

The successes have been few (and mostly could have been accomplished without the loss of our privacy).

It is far more likely that a common thief is caught up in this web than the mass terrorists the legislation is supposed to deter.

The Assumption

Agencies looked at the data they had when 911 occurred and realized that if they had more information they may have stopped the attack. Sounds good, right?

Unfortunately, the reality is different.

The problem wasn't the amount of information so much as the ability to quickly sift through it and make sense of what it meant. Were it working as advertised, the Boston Marathon bombing would have been stopped. The government had been warned about the perpetrators, but that information was lost in the mass of collected data.

Too Much Data

Think of the problem of finding a single red Loonie (or silver dollar) in a pile one foot high across your entire city.

Would it be easier to find in a pile spread across your entire province (or state) make it easier to find? How about across the nation or around the world?

You could ensure that the marked coin was within your search parameters, but are far less likely to locate it.

What's the Solution?

We need to tell our governments and corporations to quit collecting our private information and to restore a sense of privacy.

Corporations won't do this on their own. Our “metadata” is simply worth too much to them.

They've Used Our Own Ignorance

They've used our own ignorance of the value of this information to allow it to be traded for very little in return.

Government Regulation Necessary

We need governments to regulate how easily our private data is accessed by police, spy agencies and corporations in the same manner they've regulated the sorts of questions that are allowed on an employment application or rental agreement.

Take Back Our Privacy

We need to take back our privacy.

Return to top

www.RussHarvey.bc.ca/resources/mobilesecurity.html
Updated: March 24, 2017

Vulnerabilities in mobile devices.

Tighten Security

2016 saw continued growth in mobile and a corresponding increase in security issues.

We need to tighten security on our devices and pay more attention to what we're giving away.

More Than a Phone

More than a phone, mobile devices contain our most private thoughts and the information we once kept in our diaries and private records.

Laws have not kept up with technology and our privacy is being eroded.

Tighten Your Settings

Take some time to clean up your device as well as tighten security and privacy settings:

Return to top

Related Resources

Related resources on this site:

or check the resources index.

Return to top


If these pages helped you,
buy me a coffee!