The media has been all abuzz with the ‘shocking revelation’ that some apps on the Android platform – including the big players like Facebook and YouTube – can access everything and anything on your phone, without you realising.
While on first reaction this may seem like the big web companies being evil conglomerate data-miners, in truth it is us, as users, who are at fault.
Details of the information that the app can access on your device is all clear to see in the terms and conditions before you download the app [see image] but many users simply don’t check.
Telling the Times, Sun Products owner Daniel Rosenfield explains that his app-development company exists to mine data from naive users who are oblivious to the access they are granting.
According to the terms of one of his company’s apps, his firm can “call phone numbers without your permission…get the list of accounts known by the device…determine the phone number and serial number of the phone, whether a call is active, the number that the call is connected to,” and creepily “allows the application at any time to collect images the camera is seeing”.
Now, for many of the apps out there you can find a logical explanation for this level of intrusion: YouTube needs access to your camera to directly upload video, Facebook helps you connect and interact by having access to location and contacts, etcetera etcetera.
An example of the apps that raise eyebrows however is a Justin Bieber [the floppy haired American pop-star] wallpaper app – it changes your device’s wallpaper, as well as having access to spy on you through the camera at any time without you knowing, see when you are making a call and who to, and pretty much hijack your device with the permission that you have given it by downloading. I’ve always said that sickly pop-starts pose a risk to society.
Aimed at tweenagers, the app has no apparent reason to need access to the user’s Facebook, email or messaging accounts, nor the browser’s full web history. The terms also stated that the app could “call phone numbers without [the user’s] intervention”. It’s not illegal – because users have agreed to it – it is simply exploiting users’ naivety.
Stuart Coulson, security expert and director of datacentres at UKFast says that this is nothing new. “It’s a case of ‘the emperor’s new clothes’, once you sign something – or click – to agree the terms and conditions, that contract is binding and it’s unfortunately your own fault if you don’t read them.”
It is not only the hijacking of users’ devices that is concerning, it is the next step: what do they do with the data they are harvesting? The answer is simple: use it for marketing purposes or sell it tosomeone who will. Rosenfield explained that he makes far more doing this than he would by simply selling the app.
Apple has a tighter leash on its app-developers thanks to a 17,000 word general terms and conditions policy that they must adhere to in order to sell their wares within the App Store, but that doesn’t mean iPhone-ers can rest easy.
In a world where we are moving at an incredible speed towards a dependence on mobile devices in everyday life, we really need to be massively more aware of the risks and threats associated with what we download.
I have my iPhone with me at every second of the day and definitely would not want to give someone the permission to spy on me through its camera while I’m checking Facebook in my bed, nor would I want three texts an hour inviting me for some ‘fun with a local hottie’ for the price of a premium rate phone call.