You’ve just downloaded a new app and are starting it up for the first time. After the loading screen a bunch of questions pop up: can X-app send you messages? / share your location with X-app / give X-app access to your contacts-photos. It never ends. Everyone is familiar with this scenario, but what does it matter?
Although it doesn’t seem dangerous to share these details, it might put you in more harm than you think. Sharing your location can expose yourself, or others, without you wanting to or knowing it. When using car sharing apps like Uber or Lyft, or tracking your exercises with Apple watch or Strava, you’re trusting these companies with information about yourself. Unfortunately, these companies don’t always properly take care of the data. 4iQ monitors the surface, social and deep and dark web for identity records exposed in data breaches and accidental leaks1. They found ride sharing companies in Mexico and India that accidentally exposed sensitive information to the web. User’s ride requests include the time, exact pick-up location, number, addresses etc. This information and more was all available with a bit of digging.
When this information is combined with other location-based services, or even Twitter and Instagram, it can impose a real threat. The site PleaseRobMe.com is a prime example of this. It combines a stream of updates from various location-based networks and shows when users have checked in somewhere with for example Instagram… and thus aren’t at home. Knowing someone isn’t home gives the perfect chance for burgers to go and rob them (Siegler, 2018).
These cases already show the importance of keeping your privacy in check, but Strava stepped up the game in giving away information that probably shouldn’t be given away (Blue, 2018). Classified information even. In 2017, Strava (an app that tracks your exercises, where you’ve been, how fast etc.) published their global heat map. This heat map was built up from 1 billion sportive activities, 3 trillion longitude and latitude points, and 10 terabytes of data. It shows the most used trials to run, or best roads to ride your bike. It does, however, also show the location and patrolling routes of military bases, like this one in Kandahar, Afghanistan (Triebert et al., 2018).
So, willingly sharing data like your location could make yourself a target of criminals with malicious purposes. Or when combined with millions of other locations, it can even lead to the military reviewing their guidelines for wireless devices (Sly et al., 2018). These things definitely make me think about the privacy settings on my phone and whether companies are properly taking care of my data.
References:
- https://4iq.com/
- Siegler, M. (2018). Please Rob Me Makes Foursquare Super Useful For Burglars. [online] TechCrunch. Available at: https://techcrunch.com/2010/02/17/please-rob-me-makes-foursquare-super-useful-for-burglars/ [Accessed 30 Sep. 2018].
- Blue, V. (2018). Strava’s fitness heatmaps are a ‘potential catastrophe’. [online] Engadget. Available at: https://www.engadget.com/2018/02/02/strava-s-fitness-heatmaps-are-a-potential-catastrophe/?guccounter=1 [Accessed 30 Sep. 2018].
- Triebert, C., Koetll, C. and Tiefenthäler, A. (2018). How Strava’s Heat Map Uncovers Military Bases. [online] NYTimes.com – Video. Available at: https://www.nytimes.com/video/world/middleeast/100000005705502/big-data-big-problems-how-stravas-heat-map-uncovers-military-bases.html [Accessed 30 Sep. 2018].
- Sly, L., Lamothe, D. and Timberg, C. (2018). U.S. military reviewing its rules after fitness trackers exposed sensitive data. [online] Washington Post. Available at: https://www.washingtonpost.com/world/the-us-military-reviews-its-rules-as-new-details-of-us-soldiers-and-bases-emerge/2018/01/29/6310d518-050f-11e8-aa61-f3391373867e_story.html?noredirect=on&utm_term=.798cbfa5ea54 [Accessed 30 Sep. 2018].
Thank you for the post. This is very interesting for me question since I have watched an interview with Steve Wozniak, where he told about how protective he is from sharing the data on the Web. He uses VPN, does not have gmail and apple mail and turn off the cookies (18:00 min (in Russian), URL: https://www.youtube.com/watch?v=cbtJ-IvDzGg ). Wozniak realizes that this is irreversible process and we can not stop it – the only thing we can do is to protect ourselves in certain way. I have not heard about 4iQ before but using such services as this one can be a solution. Still, protecting data from the Apps is only one of the needs, all the information, which is stored in our phones and laptops, should be secured.
Ordinary user of the Web is not going to dive into nuances of data protection and to pay a lot of money for it. Information about these issues and potential solutions need to be spread on a global scale. Otherwise, the danger of sharing data will be hard to exaggerate.
Hi Stefan, your article reminds me of a big news about the security breaches Facebook faced in this year. Almost 50 million users’ personal information has been revealed to hackers in the recent cyber attack. Earlier this year, the Cambridge Analytica Data Scandal also affected more than 80 million users on Facebook. Through Facebook, the attackers also enable to stealing personal information from other apps that connect with Facebook, such as Instagram and Spotify. Your article gives us a warning about the possibly serious consequences of information leakage. Indeed, in order to provide personalized services, these apps require to access the users’ personal information or location. But even the advanced firewalls like Facebook has, cannot prevent every attack. How to protect the users’ personal information still is a hard nut to crack.
Source:https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html
Stefan, thanks for sharing this interesting post. Your article makes me think about the sensitive information I share with sites and apps in particular. I have to admit that I share a lot of sensitive information with apps without knowing how they protect it. The question that raises my mind is if people think about the consequences when they agree on sharing information like their location. Research has shown that people tend to have a feeling of distrust when sharing private and sensitive information with a company (Suh, Han 2003). In contrast, I think that a lot of people accept the pop-ups of the apps that they really would like to use without thinking about the consequences. Do you think that app developers should remind their customers of potential dangers of sharing sensitive information? Rather than just asking them if they want to share their information with the app.
In this case Strava published a global heat map without checking the data for potential classified information, so this wasn’t really a breach. But there are many other known cases where sensitive information was stolen. Recently, many passport numbers were stolen from the Air Canada App (Air Canada confirms mobile app data breach 2018). I don’t think that a lot of people stopped using the app, because they trust upon the organization fixing it. Additionally, do you think people are really willing to stop using the app in case of a data breach?
Air Canada confirms mobile app data breach 2018-last update [Homepage of AOL Inc], [Online]. Available: https://search.proquest.com/docview/2095966693 [09-10, 2018].
Suh, B. and Han, I., 2003. The impact of customer trust and perception of security control on the acceptance of electronic commerce. International Journal of electronic commerce, 7(3), pp. 135-161.