The smartphone is the quintessential tool of the modern citizen. Since the advent of the first smartphone more than a decade ago, it has progressively evolved to become a vital extension in our lives, assisting us in a multitude of varied functions. The modern features and applications in smartphones and wearable devices such as Fitbit or Apple Watch, possess the capability to store and disseminate private and confidential information, allowing us to utilise them for a range of relevant online activities such as online shopping, internet banking, GPS tracking and more.
These features and apps, while essential in our daily lives, also present vulnerabilities that can be exploited because of the data collection that is required to use them. Many, if not all apps, require permission to access multiple areas in your smart devices such as e-mail, contacts, location, e-wallet, and more depending on the specifications that the app prompts during the initial startup. In addition, the physical features in our phones such as the camera and sensors, are also collectors of data that are more targeted towards refining the user experience.
Data Collection Through Data Tracking
Data collection happens through a process called Data Tracking. This process allows sensitive personal data such as users’ location, communications, finances, social media presence and activity, internet search history, and biometric data such as facial features and fingerprints. Additionally, a significant portion of data tracking also involves the collection of metadata – for example, the specific date and time a website is accessed or the recipient of an email.
Through Data Tracking in smartphones features, apps, and wearable devices, a digital profile is rendered based on a user’s online behaviour, activities, and information that have been tracked and monitored during the process. Various types of data including users’ interests, social interactions, browsing habits and preferences can be consolidated and analysed to form comprehensive profiles of the users
Security Risks Involved with Data Collection
Data collection has beneficial purposes such as businesses using advanced analytics to create, deliver, or refine individualised experiences to develop higher levels of user satisfaction, expectations, operational efficiency and loyalty to generate profits over a longer period of time.
However, the comprehensive digital profiles rendered and collected are also vulnerable to illicit activity that occurs without the users’ knowledge, control, or consent. Furthermore, these data can present a tangible threat to users’ livelihood if unwillingly leaked or exposed in cybercrime attacks like data breaches and hacking.
Data Trading Between Companies
Data Trading can be illegal if users are unaware of it happening to their digital profiles. The unlawful trade of personal data can lead to spam texts and unsolicited targeted marketing incurring a breach in user’s privacy. The Data Protection Act and The Privacy and Electronic Communications Regulation (PECR) presents enforced guidelines on organisational identity and access management and dissemination of personal information, and bestows specific privacy rights to users regarding electronic communications, respectively.
Nonetheless, these obligatory regulations can be ignored by malicious entities that seek to exploit users’ digital profiles for nefarious cyber activities.
Digital profiles of users are collected and amalgamated into digital footprints that consist of various facets of a user’s online activity, forming an in-depth knowledge about their online behaviour. Companies use this information to deliver personalised and targeted advertising aimed at providing users with a streamlined and customised experience to influence their purchasing habits.
Targeted advertising can also have negative repercussions that affect consumer behaviour. As an example, the advertising can be configured to capitalise on users with vulnerable finances, with predatory methods such as offering quick loans that have high interest rates.
On a corporate level, targeted advertising enables companies to engage in discriminatory practices that can affect users’ access and opportunities with regards to housing and unemployment. In addition, parameters such as ethnic affinity, age, or financial history can be ascertained through the webpages they have interacted with, and companies can use these parameters to control or limit opportunities for particular users with intentional gate-keeping of access.
Social Media / Shopping or Payment Applications
On the social media front, data collection occurs through a diverse range of methods including status updates, online interactions with others, number of friends or followers, and also the consistency of presence. Through social media and shopping or payment applications, confidential information such as creditworthiness, credit card numbers, identities, and addresses can be consolidated and stored for efficient form-filling in login or checkout pages.
The primary security risk for these websites are well understood; identity theft, doxing, security concerns, and stolen credit card details are the common pertinent worries associated. On a more advanced level, these sensitive personal data can be integrated into official legislation to implement methods of social assessment.
A prime example of this is China’s Social Credit System. While still in developmental stages, when completed and fully-implemented, it will be used to assess citizens and businesses’ social and economic reputation based on a standardised reference point. The ratings that each person or organisation receives will then be used for reward or penalty purposes such as elevated privileges in loan applications or a limited progression on a particular career path.
Tips to Mitigate Security Risks
Fortunately, users are not entirely helpless to these risks. There are various security habits and steps that can be undertaken to minimise their devices’ exposure to cybercrime. While these steps may vary in effectiveness, nonetheless, they all contribute to providing a secure barrier for your confidential data.
- Know Basic Security & Privacy Features of Your Smart Devices: The first thing you should do when you purchase new smart devices is to peruse all the security and privacy settings and ensure that they’re adjusted to protect your data.
- Use Safe Passcodes: The most basic step, passcodes should not be your birthday, identification number, or anything too simple. Use complex passcodes consisting of both capital and small alphabets, numbers, or an obscure phrase only know to you.
- Choose Apps Wisely: The best way to ensure your app has been vetted and is safe for use is through downloading them via trusted app stores such as iTunes, Android Market, or Amazon.
- Be Discerning with App Permissions: Pay attention to the features that an app requests permission to. For example, if a flashlight app requests permission to access your camera with no real purpose, then it should not be granted.
- Switch Off Unnecessary Services When Not in Use: Certain services such as your location services should be switched off when not in use. This is to prevent unauthorised tracking of your position or movement.
- Avoid Unknown Open WiFi Networks: While many places offer free and open WiFi connections, not all of them are secured. Malicious connections can engage in identity or credit card detail theft just by accessing your device through the network.
- Keep Smart Device Software Updated: Software updates contain essential updates that patch the vulnerable privacy and security holes in your device. Keeping your devices updated means you’re not left exposed to attacks that capitalise on preexisting vulnerabilities before the update.
There is a myriad of information from our smart devices that can be collected, collated and utilised to improve the overall quality of our online user experience and satisfaction. Ideally, users’ comprehensive digital profiles are used in a mutually-beneficial symbiosis between companies and consumers. However, there are also valid security concerns associated with data collection on our smart devices, as these private and confidential data can have a profound impact on our lives on a greater level too.