Awareness : Security Awareness Tips

Smartphones and Privacy

Currently more than half of all American adults use smartphones, according to the Pew Research Center’s Internet & American Life Project. Smartphones have features of both a mobile phone and a computer, allowing us to talk, text, access personal and work e-mail, browse the Internet, make purchases, manage bank accounts, and take pictures. They are becoming capable of doing more and more every day. Unlike many of our computers, our smartphones are ALWAYS with us and many of us rarely turn them off. However, consumers need to be aware of the kind of information that can be collected by various entities from your smartphone.

Service providers (such as AT&T, Sprint, Verizon, and T-Mobile) collect data, but the details of what they are collecting are not clear. Service providers may be collecting:

  • the phone numbers you call, the numbers that you receive calls from, and the time of the call;
  • the phone numbers you send texts to and receive texts from;
  • How often you check your e-mail or access the Internet;
  • Your location.

In addition to the data collected by your service providers, you should also be aware of the possible privacy issues surrounding the collection or disclosures of:

  • Photos or video you take on your phone;
  • Text messages and e-mails you sent and received on the device;
  • Who called you, who you called, when it was placed and how long it lasted;
  • The contacts you have stored in your phone;
  • Passwords;
  • Financial data;
  • What is stored in your phone’s calendar;
  • Your location, age, and gender.

Who would be interested in the data on your smartphone? Companies, advertisers, cyber-criminals and in some situations, federal agencies would have “an interest” in the data stored in your smartphone. Apps can collect all sorts of data and transmit it to the app-maker and/or sell it to third-party advertisers. Ads from advertising networks running on some apps may change smartphone settings and take contact and other information without your permission.

Some apps may track your location. Location-based services like Google maps, Yelp or Foursquare need your location in order to function properly. However, there are apps that do not need your location to function but may still be tracking it. Apps may also be infected with malware (malicious software that can pose a threat to your smartphone). Many mobile apps do not have privacy policies, and when they do, they are often long and difficult to understand. The Federal Trade Commission has published a guide “Marketing Your Mobile App: Get It Right from the Start” to help mobile application developers with transparency and basic privacy principles.

Consumer Privacy Tips

  • Do not leave your smartphone unattended. There is an upsurge in theft of such devices.
  • Turn Bluetooth off when not in use.
  • Be careful while doing financial transactions or checking banking information while connected to public wireless networks (WiFi). Credit card and personal information transmitted through public WiFi may be vulnerable to snooping by identity thieves. For conducting financial business your provider’s cellular network (3G, 4G, LTE, WiMax etc.) may be more secure than public WiFi spots.

  • Password protect your phone. You can usually find this feature under “Settings.” While convenient, understand the risks if your smartphone “remembers” login passwords for access to email, VPN, social networks, banks and other accounts.
  • Keep your phone operating system (Apple iOS, Android, Windows Phone etc), as well as apps up to date.
  • Do not take unauthorized photos of individuals or University sensitive information, including patients and/or share on social networking sites without appropriate approvals.
  • Disable photo geotagging. Your smartphone may be using its built-in GPS capability to embed your exact location into the file of photos taken using the smartphone’s camera.
  • Before installing apps, you should pay attention to the permissions the app is requesting to access:

    1. Android Market apps require the user to either grant or deny access – if you deny access you will not be able to download and install the app.
    2. BlackBerry devices allow the user to go back to application permissions to modify or remove the ‘Trusted Application’ status. The status gives the application permission to access sensitive functionality on the device, which includes phone, GPS, and Internet – once given trusted permission, the application will not prompt the user for permission again before accessing the phone’s data.
    3. iPhone apps will not disclose what the application has permission to access. When downloading an app, whether free or paid, Apple requires the recognition of consent by having the user sign in using their Apple account.
    4. Windows mobile apps require a privacy statement from app developers for apps made available through the Windows Phone store.
  • Use your phone’s security lockout feature. Set the phone to automatically lock after a certain amount of time not in use.
  • Enable encryption on the internal memory card (SD, microSD, etc.) and all data on the phone if that option is also available.
  • Install security software that allows you to remotely locate, lock and wipe the data of your phone. The best time to do this – when you actually still have your phone with you – not after it has been lost or stolen. There are free apps for the major platforms such as Apple iOS, Android, Windows Mobile etc. Especially for the Android operating system, it is important to use an anti-malware app. Some suggestions include Lookout, AVG or Avast. If you have a University supplied device you should contact IT if the device is lost or stolen.
  • When disposing of, recycling, or donating your smartphone, be sure to remove the SIM card and wipe or reset the phone first. Thieves may prey upon phone recycling kiosks.
  • The FTC does not resolve individual complaints, but if you believe that a particular company is engaging in wrongdoing (for example if it has violated its privacy policy) you can submit a complaint.
  • Use the Federal Communications Commission’s interactive Smartphone Security Checker at http://www.fcc.gov/smartphone-security. This online tool creates a 10-step action plan to help consumers protect their smartphone from cybersecurity threats.

For more Information: