Want Security and Privacy? Turn Off Your Mobile Devices' GPS
People with smartphones and tablets may be giving Apple and Android apps they download the permission to capture their geolocation data to know where they are, but security experts are making the strong argument to just say no instead -- and turn off that GPS function unless really needed.
"There's the privacy concern, maybe you don't want billions of people to know where you live," says Alan Brill, senior managing director, Kroll Advisory Solutions, who points out that smartphones with GPS chips today will embed geotagging information into the photo you upload to social-networking sites. It's fairly simple to use EXIF interpreter software that's freely available online to cull that geolocation data out of your photo, Brill says. In fact, this is happening today in military situations where adversaries watch for photos posted by the other side, he adds.
There are implications about GPS for businesses, too, according to Kroll, which recently sent out an advisory to its clientele on the topic. Regulatory agencies around the world, especially in Europe, are starting to consider whether geolocation information should be considered sensitive data. And that means that businesses that collect and store geolocation data as part of marketing campaigns will need to start regarding it as something that they one day may find carries a huge legal burden in the event of a data breach.
Brill says he's especially concerned about geotagging in photos when it comes to children and teens who frequently post photos online, not knowing that it likely is possible for strangers to figure out where they are. The device GPS function can be turned off, and in most cases, it probably should be, Brill recommends. GPS can help with getting road directions, but there are so many unexpected ways that personal GPS information is being collected today.
GFI Software this week came out with a report that described how apps created by the Barack Obama and Mitt Romney campaigns as outreach to potential voters are designed to be able to capture GPS information related to the user's device, among other personal information.
These Google Android and Apple iOS apps -- one is called "Mitt's VP" and the other "Obama for America" -- are both available through the official Apple and Android app stores and are intended to give the presidential campaigns a closer connection to potential voters. But according to Dodi Glenn, GFI's product manager for the VIPRE anti-malware consumer product line, both the Obama and Romney apps extend the ability to monitor and control the user's tablet or smartphone a little too far.
The Romney app is designed to give that campaign the ability to activate the device camera and turn on the audio like an open mike, Glenn points out. Both the Romney and Obama apps can read the user's contacts and upload them. And both can exploit GPS functions in devices with GPS chips. "Both have the ability to capture GPS data," he says.
[Slideshow: Sneaky Apps for Sneaky People]
The "Obama for America" app takes geolocation data to the greater extreme, he points out. The Obama app allows for the presentation of a U.S. map where Democrat-registered voters are displayed as blue flags in the neighborhood where they live. The Obama app encourages supporters to canvas neighbors to get them to vote, says Glenn. He says he finds it all a "little creepy."
"They want you to go to the neighbors, it's how to volunteer for the campaign," Glenn surmises. The nation's political-party voter registration information is readily available to political campaigns and his long been widely used for targeted political advertising via telephone calls and regular mail asking for donations, for example. But even though personal names aren't being displayed on the Obama for America app map, Glenn says he finds it disconcerting to see GPS data used in a modern political campaign in this way on user smartphones and tablets.
Like Brill, Glenn also is inclined to encourage users to say no to GPS data collection on their devices. He notes it's fairly standard for apps to ask permission to collect it, and people routinely say yes, perhaps not knowing what they're really agreeing to with GPS. There is definitely a privacy issue related to taking a photo, publishing it online with the geotagging data embedded in it, he adds.
"It also boils down to being careful what you download," he concludes.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: firstname.lastname@example.org.
Read more about wide area network in Network World's Wide Area Network section.