As legislators grapple with increasingly vocal smartphone owners concerned with privacy, a new Bill before the U.S. House of Representatives aims to require mandatory consumer consent prior to allowing the collection or transfer of data on such devices.
You may recall that a company called CarrierIQ recently became the center of attention after a user found their application quietly installed on his Android, seemingly behind the scenes. He characterized the software as a rootkit, because it seemed to be capturing low-level information as it was being entered by the user, and was there without his knowledge. The story grabbed its share of the headlines. Later, as CarrierIQ explained in more detail what their software did and for whom–gathered diagnostic data for mobile carriers–some of the headlines subsided.
But the whole CarrierIQ incident raised concerns among the public about what else might be going on behind the scenes on their Androids, iPhones, and other mobile devices. Naturally, users want to know and understand what is being collected, by whom, and what was being done with Personally Identifiable Information (PII) often found on mobile devices. And a lot of people want a requirement in place that capture and/or transfer of such data only happens with their explicit consent.
This has prompted lawmakers to take note. Now Democratic Representative Edward Markey has drafted a “Mobile Device Privacy Act” and placed it before the House, where it will begin the protracted journey toward becoming law. This can be a lengthy process, but it sends a signal to the industry that legislation may be coming. Whether this particular iteration of the bill becomes a law remains to be seen, but expect more activity surrounding privacy protection and security for the smartphone ecosystem going forward.
In the meantime, it’s a good idea to take your smartphone security into your own hands by being careful what apps you install, and where they came from. Since your Android (or other smartphone) packs such an amazing amount of processing power, it acts more and more like the traditional OS you have on your laptop. Because malware authoring is a numbers game, expect more malware to be released as the platform’s adoption increases in the coming months. Also, some security vendors are releasing security suites for various smartphone platforms (ESET included), for those who prefer an always-on solution to keep an eye on the security of their devices. In the end, though, there’s no substitute for keeping your eyes open for scams and protecting yourself through your own awareness.
Author Cameron Camp, ESET