Beam me up, flashlight!

16 Jun 2014

Anyone who has been to any of my presentations at recent conferences, or read my blogs, will know of my disdain for smartphone apps that do much more than what's written on the label.

I single out a particular "torch" app I discovered for my Android smartphone; I was stunned when I happened to read the terms and conditions associated with it before I loaded it.

You can imagine my joy to read on a Veracode blog that the Federal Trade Commission (FTC) recently announced the terms of a settlement with GoldenShore Technologies, a one-man development shop based out of Idaho and creator of the popular Brightest Flashlight application for Android.

Back in December the FTC, in response to a number of complaints, began investigating the app, which was doing a lot more than turning on your phone's LED camera flash. Prior to installation, the app requested permission to reach the internet, to access contacts, and even to track real-time geolocation via GPS or IP address.

So why does a basic flashlight app need all those permissions? As I suspected, the reason is to collect and sell the private data of its users to less-than-scrupulous third parties, of course.

Yes folks, you read that right: this one-man development shop had not only managed to attract an amazing 50 to 100 million users, it had also managed to gather lots of personal information (with their unknowing permission) and sell it on to some willing buyers.

I guess that proves that there is no such thing as a free app. You are going to pay somehow whether you like it or not. But just think for a moment how many other apps you have on your smartphone, most of which you never use but which are happily buzzing away in the background sharing your life habits with somebody you will never know.

However, they will know me, and after some basic big data analysis they will be able to sell me, at a premium, to anybody looking for a fully employed, married man, living at a specific location, driving a specific car, with a dog, who shops in a particular town and in these stores, etc.

Now don't think for one minute that I am exaggerating. All that information, including images I shot with my camera, has been transmitted to somebody who can extract all of this and much more.

The law is so pathetically behind the times - the perpetrator got away with little more than a slap on the wrist after being told he was a naughty boy and that it shouldn't happen again. His victims got nothing, not even an apology. So what's to stop others from capitalizing on your personal data?

Who's to blame?

It is very difficult to point a finger at who is responsible for this sad state of affairs. Is it the developers of these free apps trying to make a quick buck? Is it the app store owners who don't bother to check and warn their customers of the impending danger? Is there a darker force lurking in the background helping pump out the free apps? Or is it simply that regulation and laws are inadequate to protect the unwary?

It is most likely a combination of all the above, yet the final responsibility must lie with all of us for being so gullible in thinking we could get something for nothing with no strings attached.

What should be of greater concern is the exposure enterprises are probably being subjected to. Enterprises that have a less than rigorous BYOD policy in place will be prime targets. What value would unscrupulous competitors place on conversations, images and emails going through all those employee smartphones each day?

Sadly, the only solution is to dump all those free apps and try to find paid apps that don't have their own nasty issues. Better still, dump that smartphone altogether and dig out your old Nokia 2110. Just think how simple life would become!

This article first appeared in the Telecom Asia May/June 2014 issue.
