How mobile security is fueling subscriber insecurity


author name

Data Privacy Day--an annual international event spearheaded by the National Cyber Security Alliance to promote digital privacy awareness--is on tap for Jan. 28. Perfect timing given the hubbub Google (NASDAQ:GOOG) stirred up this week with the announcement that beginning March 1, it will connect user data across desktop and mobile services including Google+, Gmail and YouTube, consolidating more than 60 documents into its main Privacy Policy in a move to streamline standards across its platform. "The main change is for users with Google Accounts. Our new Privacy Policy makes clear that, if you're signed in, we may combine information you've provided from one service with information from other services," Google director of privacy Alma Whitten writes on the Official Google Blog. "In short, we'll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience."

Whitten goes on to outline potential consumer benefits of the move. "We can make search better--figuring out what you really mean when you type in Apple, Jaguar or Pink," she writes. "We can provide more relevant ads too. For example, it's January, but maybe you're not a gym person, so fitness ads aren't that useful to you. We can provide reminders that you're going to be late for a meeting based on your location, your calendar and an understanding of what the traffic is like that day. Or ensure that our spelling suggestions, even for your friends' names, are accurate because you've typed them before. People still have to do way too much heavy lifting, and we want to do a better job of helping them out."

But consumers who log into Google services won't be able to opt out of the revamped guidelines--and that has critics crying foul. "Google's new privacy announcement is frustrating and a little frightening," Common Sense Media chief executive James Steyer told The Washington Post. "Even if the company believes that tracking users across all platforms improves their services, consumers should still have the option to opt out--especially the kids and teens who are avid users of YouTube, Gmail and Google Search."

The question is how much consumers actually know about their privacy options, and about data security as a whole. A new survey conducted by the National Cyber Security Alliance and mobile security and productivity applications provider NQ Mobile indicates that user concern outstrips comprehension: While almost three-fourths of American consumers are aware of and worried about smartphone security and privacy threats, only 50 percent of respondents know how to turn off or set permissions for location tracking, and just 38 percent know how to disable geotagging. Ninety-five percent of subscribers believe at least one entity can track their location while their phone is on, although which entities users feel are capable of doing so varies widely--87 percent believe carriers can track a device's location, followed by hackers (57 percent), legitimate apps (54 percent) and data aggregators (24 percent).

Moreover, while 70 percent of smartphone users told the NCSA and NQ Mobile they have some kind of security or security software on their phone, only half actually could identify what type of security solution it is. Fifty-eight percent of smartphone users reveal they don't know enough about mobile security to decide whether they need it or not, and a majority of those without any mobile security features or safeguards don't have them because of a lack of understanding or complacency. "It's clear that smartphone users take protecting their data and privacy seriously, but they don't feel they know enough about how to keep their mobile devices safe," said NQ Mobile co-CEO Omar Khan in a statement.

The smart money says Google implemented its new standards to beat legislators to the punch--"that by creating a one-stop shop for privacy policy it will deflect regulatory action," Center for Digital Democracy executive director Jeff Chester told the Associated Press. There's no telling whether Google's plan will work, but with consumer confusion over digital privacy so pervasive, its proactive approach is a model other mobile players should follow. The Mobile Marketing Association is off to a good start: This week, the trade association finalized its MMA Mobile Application Privacy Policy guidelines, intended to offer developers a framework for creating more secure user experiences. The MMA supplies developers annotated guidance on core privacy principles alongside consumer-friendly language to consider using; the document also suggests ways to inform users on how data is obtained and used and offers guidance on security and confidentiality of information. It's a significant step towards pushing the realities of mobile privacy into the public eye.--Jason