Facebook has recently been caught out for collecting and storing huge amounts of user data, and that’s just one app. Now imagine the potential for data-mining if someone had access to your entire phone.
Think about it - what have you used your smartphone for this morning? Track your diet, your steps, your locations? Helped you navigate somewhere? Google recently booted 20 apps from the play store, as it found that the apps could record with the microphone, take photos, monitor the phone’s location and send that data back to the developers - all without the user knowing. While the privacy threats posed here seem obvious, it begs the question, how common are these apps? How many more are coming?
While the thought of those kinds of privacy invasion are bad enough, it’s also theoretically possible to use the sensors in the phone to track what you are typing - including your pin code for your banking app. Additionally, the information from the phone’s sensors doesn’t need permission to access - so apps don’t have to ask. And even when they do, people tend to just grant access - for example, when you open an app and it asks for permission to use the microphone. It doesn’t say what for, but you allow it anyway. That’s it - it never needs to ask again.
On top of that, recent work has found that 7 out of 10 smartphone apps share your information with third party developers. For example, your map app might be sharing your GPS data with whoever else the developer wants to share it with. This can be used for targeted advertising as well, but there is massive potential for bad situations here. Perhaps even more disturbingly, the same study found out of 111 tested apps for children, 11 leaked the MAC address of the Wi-Fi router it was connected to. It’s possible to search online for information associated with the MAC address, potentially including the physical address.
At the moment, there’s no real way around this, to an extent. And the apps and businesses mining your data don’t make it easy to figure out what’s going on. In light of Facebook being the latest company under scrutiny, I decided to find out exactly what data I could get from my own Facebook account, and how (if possible) to stop that happening. What I found was pretty shocking - it’s incredibly easy from a user perspective to download a zip file of the data they have stored on you, and much harder to find out how to protect your information. Click Settings, and one of the options is ‘Download a copy of your Facebook data’. First of all, this means that anyone that happened to gain access to your Facebook account can easily download this same information. But I wanted to see what was actually in the file.
What I found was an index of every message I have ever sent or received, deleted information, photos (both posted and sent to / from me in messenger) and videos. While that doesn’t sound too invasive at first, the content within the messages wasn’t hidden. So I have conversations with my partner where we share bank account details, information about where we live and our house, our habits. More than enough for someone to do anything from steal my bank account details to steal my identity, theoretically.
From my perspective, after looking around and playing with the privacy settings on just Google and Facebook, there’s a big hole in the user experience regarding privacy - designs seem to be becoming more and more hidden and making it harder to find your settings and what you’re sharing. More often than not, the request for your information doesn’t tell you the full extent of what is going on, and it can take quite a while of messing around to find the right settings to hide your information.
So, is there a way to stop this kind of storage? Apps in particular tend to be very vague in the language used when asking for permission - they won’t tell you straight up how much information is going to be collected. I’ll focus on Facebook here, as that has been the main consideration above. There are some simple ways you can reduce the amount of information Facebook has access to:
Have a look at your Ad Preferences. You can see the companies or pages that have your contact information, change which information Facebook is allowed to use to advertise to you, and stop Facebook tracking your activity on other websites.
Don’t let apps sign in with Facebook. Another example of hiding how much information is actually being harvested, when you allow an app to log in with Facebook that, at a minimum, allows the app to view your public information, and may go as far as allowing it to view your email address or phone number.
If you use apps inside Facebook that require you to accept Terms of Service from a third party, it’s worth the effort to find out who the third party is and what they will be doing with your information.
Ensure your own profile is set to Private and your posts and information are set to either ‘Friends Only’ or ‘Only Me’.
But most importantly - be aware. Take the time to read data sharing policies if they’re available, or to go through all your settings regularly.