23 February 2019
Your handset may be sending personal data to other entities with or without your consent. Photo: AFP
Your handset may be sending personal data to other entities with or without your consent. Photo: AFP

What your mobile may be giving away

You own your smartphone. You always have it in your pocket or handbag. You use it when you need it, whether to call or text message someone, play a video game or browse through the internet.

It does what you want it to do. But are you sure you are its sole master?

Whenever the device is switched on, says Reuters, it could be communicating with at least three other entities, the company that built it, the telephone company to which it is connected, and the developers of third party applications installed on the device.

All these companies could have programmed the device to send data to them over the wireless network with or without the user’s knowledge or consent.

In Taiwan, the government called for an investigation as consumers raised howls of protest after Xiaomi admitted that its devices were sending users’ personal information back to a server in China.

According to the Chinese handset maker, the arrangement was intended to allow users to send SMS messages without having to pay the operator charges by routing the messages through Xiaomi’s servers. To do that, the company said, it needed to have access to the users’ address books.

“What Xiaomi did originally was clearly wrong: they were collecting your address book and sending it to themselves without you ever agreeing to it,” says Mikko Hypponen, whose computer security company F-Secure helped uncover the problem. “What’s more, it was sent unencrypted.”

Xiaomi says it has since sorted out the matter by seeking the users’ prior permission and only sending data over encrypted connections, says Hypponne.

But it’s not only Xiaomi that’s gathering users’ data from their devices. Other handset makers and telephone carriers are doing it too, and ostensibly for legitimate reasons.

“It’s not that it’s specific to any handset maker or telco,” says Bryce Boland, Asia Pacific chief technology officer at FireEye, an internet security firm.

“It’s more of an industry problem, where organizations are taking steps to collect data they can use for a variety of purposes, which may be legitimate but potentially also have some privacy concerns.”

Many carriers, for example, include in their terms of service the right to collect personal data about the device, computer and online activities — including what websites users visit.

Such data gives companies a better understanding of the users’ habits and personal preferences, which they can use to create more personalized advertising. Companies also use the data to sell specific products for specific clients, instead of marketing them on a much broader market.

App developers also access data from users through the software installed in their devices. Although users are asked for their permission for their personal data to be accessed, the users usually don’t know for what purpose the information is used.

Oftentimes, the users’ data is sold to third-party companies which can use it to market their own products and services.

For many handset users, allowing other people to access their data may not be such a big deal.

But if other people can get hold of your personal information with the intent of selling you products and services, what could prevent such data from falling into the hands of nefarious elements who can steal your identity or use your data to achieve illegal ends? 

– Contact us at [email protected]


EJI Weekly Newsletter

Please click here to unsubscribe