For example: Less than 12 hours before the news broke that Carrier IQ was logging user keystrokes, recording telephone calls, and tracking user locations; I called my mobile carrier to ask about it. It just seemed odd that there was this application on my phone that started all by itself, and that I couldn’t turn off. “It’s just part of the Android system”, they told me, “nothing to worry about”.
Gee, I guess there really was something to worry about after all.
So, when I read a recent post on noted technology security expert Bruce Schneier’s blog this weekend about a soon to be released mobile phone app that is designed to allow you to monitor and control what information your phone is transmitting without your knowledge or consent; I felt a great sense of relief and vindication.
I have no idea whether MobileScope will actually work, but the comments following Schneier’s blog post made me realize a lot of other people share my reservations about the mysterious software running inside of their mobile phones. Like me, they are concerned about what appear to be unusually broad data access and control permissions required by even very simple mobile phone apps that have no apparent reason to need them.
Those include the ability to read/write to your SD card, track your location, access the Internet, and send texts. When I asked my mobile carrier about why apps running on my phone had these overly broad permissions; they had no answers. This, even though the apps in question were all native to my device. Since the applications came with the phone; I figured my carrier should be able to explain how they worked.
But they could not.
So, while trying to get adequate information from my carrier has proven to be an exercise in futility; what the development of an application like MobileScope shows, is that consumers are getting fed up enough to seek answers somewhere else. Whether or not they will be willing to pay extra for a service that really ought to be provided by their mobile carriers is unknown; but I suspect there are a lot of people who will be willing to do just that.
Meanwhile, those who make and distribute mobile security software have so far been just playing catch up with the “bad guys”. That is what Dr. Phyllis Schneck, McAfee Vice President & Chief Technology Officer Global Public Sector, said recently when she testified during a Congressional hearing on cybersecurity. Pulling no punches, she concluded; “the bad guys are winning”.
In order to fight back against online crime, espionage, and/or terrorist attacks; Schneck said, computer hardware (including mobile phones) has to be built so that it is more secure. She said the devices we use to access the internet have to be smart enough to recognize non-approved applications, and be able to shut them down. Without more security built-in from the ground up, she said; the fight to keep our devices secure once we start using them is much more difficult.
In addition, she argued; Internet Service providers (ISP’s) must join the fight, and start blocking malicious attacks on their networks.
Her remarks were part of the testimony the House of Representatives considered when they recently passed CISPA, the controversial internet security bill that has privacy advocates–including President Obama–up in arms. A similar bill is pending in the Senate, but it hasn’t passed yet.
On the plus side for mobile consumers; there are some positive developments. They include:
- Google is patching a recently discovered Android security hole that allowed unauthorized access to mobile phones connected to the internet via WI-fi.
- Aviation giant and major defense contractor, Boeing, is planning to make an ultra-secure Android phone.
- Mobile carrier, Sprint , has created a “mobile security alliance“, aimed at bringing mobile hardware, software, and security providers together in a collaborative effort to better protect consumers.
- Privacy advocates have called for a mobile users “Bill Of Rights“.
- The FCC is spearheading initiatives to protect consumer mobile phone data, including a nationwide stolen cell phone database, which will be activated within the next few months. Once it’s up and running, your carrier will be able to deactivate your phone and keep it from ever being used again, after you report it stolen.
- In the meantime; the FCC urges consumers to password protect and lock their devices as a hedge against data theft, and to use applications that allow them to remote-wipe data from their phones if they are lost or stolen.