How Companies Can Access Your Smartphone Data

It is amazing; for almost every need, there's an app you can install on your smartphone – games, navigation, editors, barcode readers, messaging – there’s hardly a topic that doesn't exist.  Since almost everything is free to download, how do developers finance these programs?

The financing for free apps works on the one hand, of course, by advertising.  If you don’t want to see advertisements, there is typically a version you can pay for. On the other hand, for a free app, the flow of money is not as evident – and this is where the sale of private data begins.

With which data can you earn money?

The question arises, with which data can you earn money?  What is so interesting about my private information that someone wants to spend anything at all?  Here again, advertising comes into play. The combination of name, telephone number, and address is already worth something.  If there are tens of thousands of contacts available, a pretty penny is due.  If there is a motion profile created over a longer period of time, plus search queries from Google, Amazon purchases, and travel bookings, clever algorithms can predict the plans and consumer wishes of the respective user.  Accordingly, they receive personalized advertising. The success rate of this type of advertising is very high.

So, how do data collectors get information from our smartphones?  Are Trojans or an illegal spying program used?  Not at all!  We ourselves give the developers of the apps the permission to retrieve the data - and much more.

Installing an app

If you want to install an app, you must give the program certain permissions to perform its service.  A navigation application must be able to access GPS.  Anyone who wants to take a picture must allow the app to use the camera, that's logical. If, however, a flashlight app would like to have the right to send an SMS, or to use a camera and microphone or to access the contact data base, a red warning light should go on in your brain. With these permissions (and corresponding comments in the Terms of Service), the company, which developed this app, can send data to its own (and also foreign) servers - unintentionally and in the background.

The Center for European Economic Research (ZEW) has researched about this topic and investigated apps within the Google Play Store. The result: every second free app is only downloadable if it has access to sensitive information. The researchers identified 136 different rights that the apps demand, 14 of them must be regarded as problematic for the protection of privacy. You can read the study here.  What these different app rights mean and what consequences they have in everyday life is explained here.

Internet access

An app, which has Internet access, can send data anywhere, anytime.

Phone

With this privilege, apps can dial phone numbers without the user of the smartphone being aware of it.  Some apps - for example, Skype - require authorization.  If, however, an application, which really has nothing to do with telephone calls, requires this right, one should do without it.

SMS

This allows the app to send SMS messages. Malicious apps could complete subscriptions via SMS - high costs included.

Photos / Media / Files

When an app gets this permission, it can access the entire memory, read, edit, and delete data.  However, many apps require this permission to store their own settings. If an app also receives Internet access, it could upload the photos stored on the smartphone to the Internet.

Contacts

This allows an app to access the stored contacts. SMS apps, address books, and social networks need this, and they're usually unnecessary for other apps.

Device and app history

With this permission, the app can track the complete smartphone activity in real-time.  Some apps require this permission to send bug reports to the developers.

Location

The authorization is necessary for navigation and apps that use location.  However, motion profiles can be created by the data sent.

Identity

This allows the app to find out which user accounts exist and how they connect. Apps with this permission are able to read and modify the contact card on which you can locate the phone number, and sometimes, the picture.

Record pictures and videos

This permission can turn the smartphone into a surveillance camera.

If you've experienced data loss on your smartphone, read more about Ontrack's expert data recovery service.