Google and Apple talk up security, but recent disclosures serve as a painful reminder of how much control mobile phone users give up when they power on their handsets.
The very nature of cloud-based software is that we’re sharing our content with a remote server. Google, Apple, and other companies just reminded us of how much we trust our content security, but the writing has been on the wall for a while.
Consumers got a big wake-up call last spring when cloud-backup Dropbox claimed its content was more secure than it really was. The Federal Trade Commission caught Dropbox saying user content was inaccessible without the password when, in reality, Dropbox itself could access the content.
Dropbox, however, is a backup service, meaning that you have a primary memory space other than Dropbox. Your Dropbox content is likely on a home computer, laptop, or another device.
The security issue becomes more crucial with mobile.
How many users keep their address book on a server provided by Apple, Google, Microsoft, or RIM, the maker of the ubiquitous Blackberry? Phones may be packing more memory than ever, but the fragility of mobile devices makes us more apt to access our precious data remotely as opposed to a memory card or the device itself.
Apple iCloud, Google Sync, and Microsoft Private Cloud are all capitalizing on our fear of losing mobile data.
Compared to home computers, phones also have more companies involved in the data processing chain, limiting users’ ability to know who’s accessing their information and, more importantly, what they’re doing with it.
Take the example of Carrier IQ, the performance monitoring software installed on millions of phones. Last year, security expert Trevor Eckhart discovered the software was tracking everything you did with your phone, from web browsing to keystrokes. Worse, when the four major carriers were confronted, each had a different explanation for why the software was there and what they were doing with the sensitive information. As PC World’sJared Newman put it, we deserve a straight answer on Carrier IQ. Months later, it’s still unclear how much damage was done by the software.
Too Much Control
Recent developments offer more evidence of mobile security issues.
According to The Wall Street Journal, Google successfully bypassed Apple’s Safari’s mobile security and tracked millions of iPhone, iPod, and iPad users (and, to a lesser extent, PC and Mac users). Google kept a web cookie hidden in an online ad, like the Google +1 button, and it would drop when the user pressed the icon. As PCWorld reported, the quiet cookie would live well beyond the 12 to 24 hours a regular cookie would survive and allow Google to get valuable user habit information.
And earlier this week, Apple was asked by the U.S. government if its approved apps fell short of protecting user data. The social networking app Path was caught uploading whole address books without permission, but users realized that Facebook, Twitter, and other popular apps have been doing the same thing all along.
After the nudge by lawmakers in Washington, Apple immediately enforced its policy, requiring all iOS apps to update their permissions, but why wasn’t it enforcing it in the first place? It’s probably the same reason why Google has been secretly tracking us: In these days of voluntary information sharing, it believes it can get away with it.
On Thursday, Google said it was working on a Chrome password generator so you won’t have to worry about remembering and typing in passwords on any device. Google would ultimately become the gatekeeper between you and your favorite sites, not to mention knowing your passwords.
It is an ironic end to a privacy-deflating week.