On May 10, I sat with my coffee and my dog and watched my first congressional hearing on c-span. The hearing was “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy“. Apple, Google, industry representatives, government officials and consumer advocates met with senators to discuss the collection of personal data by mobile apps and specifically the collection of geolocation data.
The market for smartphones and mobile devices is booming and kids are one of the fastest growing users. One of the fun parts of owning a smartphone is downloading lots of mobile apps. Mobile apps are the software that allow you to surf the internet, send texts, play games, etc.
Ashkan Soltani, an independent researcher, examined mobile apps for the Wall Street Journal, Your Apps are Watching You. Out of the 101 mobile apps investigated, 56 sent the phone’s unique ID, 47 transmitted the phone’s location and 5 sent age, gender and other personal details. Free apps were the worst for collecting personal data. Both Mr. Soltani and Jessica Rich from the FTC pointed out most people do not realize who has access to their data and how the data is used. Most of these apps do not post privacy policies or terms of service. Without a policy, a company promises nothing so they can collect anything.
At the hearing, companies and consumer advocates addressed whether or not this data should be considered personal. Although the data is linked to a phone’s unique id, companies argue they are not looking at individual users. Companies aggregate this data to look at groups of people not individuals. However, the data can be linked with other data and used to identify the individual user. Ms. Rich believed personal location information is on par with other sensitive information. She called for more stringent consumer consent requirements,given the always on and personal nature of mobile devices and the potential for misuse.
In the case of the iphone, the geolocation data ( the physical location) was not only collected but stored on the actual device. The location was saved even if the user had disabled this function. In some cases, a years worth of location data was stored on the phone. If the phone was lost or stolen, someone could access this file and map the owners whereabouts for the last year.
Mr. Soltani pointed out sometimes even companies are unaware of the extent of data collection. Apple said they had no idea geolocation information was being saved. Likewise, Google was surprised that its “street view” cars were collecting personal wi-fi data. Companies urge consumers to be more active in the area of protecting their privacy. However, protecting data is difficult when even companies are surprised by the extent of their data collection.
Apple has since corrected the geolocation bug. Now, if a user turns off collecting geolocation data, the phone will not collect the data. To turn it off, go to Settings, select General, go to Location Services and turn it off. Geolocation data can also be turned off on an Android phone by going to Settings and under Security & Location, a user can deselect enabling GPS. Unfortunately, the collection of other data cannot be turned off.
Tomorrow, Apple and Google will be back to offer further testimony. The hearing is on consumer privacy and protection in the mobile marketplace. The panel will also include Facebook. This may become my new favorite show.