Security
Brought to you by

Is My Phone Spying On Me And What Can I Do?

Dear Lifehacker,

With all the hullaballoo about Carrier IQ spying on all those phones, I’m left wondering what else is my phone gathering about me? Should I be concerned, and if so, what should I do about it?

Signed,

Not Trying To Be Paranoid

Photo remixed from an original by Yurchyks/Shutterstock.

Dear NTTBP,

A healthy dose of skepticism is, well, healthy, and you’re definitely not alone in wondering what kind of private information your phone is gathering and what’s being done with it. The Carrier IQ rootkit is the most recent of many mobile privacy and security concerns that have been raised (though particularly worrisome because it comes preinstalled on your phone and removing it can be difficult). The truth is, yes, your phone is tracking your location, and you may be surprised by which mobile apps are recording information about you. But it’s not always a big cause for concern. Here’s an overview:

Your Mobile Phone Knows Where You Are

It’s no secret that our smartphones are location-aware. The location technology that triangulates your position using GPS or cell tower information is behind many of our smartphones’ most useful features, from finding great places nearby to geotagging your photos to automatically delivering discounts based on the store you’re in.

The main concern for some about this location tracking is that Google and Apple (and the other major mobile OS makers) may be collecting and storing your very specific location data (for example, with the iPhoneTracker Maps collected on iOS). Google, Apple and Microsoft have all said that they use this data to maintain their location databases and that the data is all anonymous or anonymised.

It’s unlikely these companies are gathering your info in order to track your every move like in some spy thriller, but if you’re worried or rather not send your location data to Google, Apple or anyone else, location tracking can be turned off. In Android, go to Settings > Location and Security, and uncheck “Use Wireless Networks”. On your iPhone, you’ll need to to jailbreak your device and use an app like previously mentioned Untrackerd. See our previous guide to stopping your smartphone from constantly tracking you for more considerations before you turn off location tracking.

Mobile Apps Can Collect Your Location, Phone Number And Other Personal Details

It’s easier to put a little trust in large companies like Apple, Google and Microsoft — they’ve got too much at stake to risk spying in a way that would really freak most people out. But your phone’s operating system is just one consideration. Apps may be collecting and transmitting even more details about your phone usage and other information. The most obvious reason is so marketers can use that data to sell you more stuff or send targeted ads, but with some apps, what’s being collected doesn’t immediately make a lot of sense.

The Wall Street Journal analysed 101 popular apps
to show in an interactive database what each app collects and how it’s shared. Some apps access more data on your phone than what they transmit to either the app makers or to third parties like marketers or Google. Here’s what the database looks like (there’s also a useful chart in that WSJ article):

Foursquare, for example, collects your phone number, phone ID, location, age, gender, contacts and Foursquare username and password, but only sends location data to two third parties: Google and Twitter. Angry Birds collects your phone ID, location and contacts and sends them to Google or your phone ID and location to another company called Flurry.

You may be surprised by Angry Birds’ need for and transmission of your location data, but it’s most likely so the app developers can get more insight into its users (not really to see where you’re flinging birds at any point in time): Flurry is a mobile analytics company. The collection of your contacts and phone ID, however, are more unclear.

Another head-scratcher is Bejeweled, which sends your Bejeweled username and password as well as phone number to Facebook. And Dictionary.com sends your phone ID to multiple third parties (it’s one of the apps, along with Pandora and Best Alarm Clock Free, that transmit the most data (filter to see those in the WSJ database by clicking the dropdown on the right). Those kinds of sharing definitely raise some concern.

Sometimes what seems completely unnecessary (and kind of scary) can still have an actual function. Shopping rewards app ShopKick, for example, appears to turn on your microphone and record audio without you knowing about it. If you installed this shopping rewards app, you probably didn’t notice or think much about the permissions setting that allowed ShopKick to record audio and take pictures. ShopKick’s privacy policy suggests the company is using that recorded information to tell if you’re listening to a commercial or show on TV — maybe to tell more about you so it can tailor the discounts or ads it sends you. Yes, that’s creepy. But ShopKick’s audio listening may also serve a necessary purpose — to listen for a tone within a store (inaudible to us) so it can tell if you’re in a participating store, according to the New York Times.

What does all this mean? For most apps, there isn’t all that much cause for alarm. Location tracking is most often used for the developers’ analytics, much like online advertisers use your IP address to target ads to you. However, if this kind of location tracking makes your cringe, you should carefully review the permissions of each app you install to make sure you’re comfortable with its permissions. On Android, previously mentioned PermissionDog can help you easily review all your installed apps’ permissions settings.

A mobile security app like previously mentioned ESET Mobile Security (Android) or Lookout (iPhone and Android) can also watch your back when installing apps or check which apps access your location data.

Cheers,

Lifehacker

PS. What are your thoughts on mobile spying? Sound off in the comments.