Tuesday, February 28, 2012

What privacy?

Feeling naked in front of ad providers?
If I owned very evil malware company, I would make ​​an application that needs access to both contacts and Internet for some legitimate purpose. I will suck all the data that I can. If the user revokes the rights, he will lose functionality, and if he grants them back, application will continue sending his private data to me for my evil plans.

That's what I wrote couple of days ago as preparation for one article. And then the reality caught me.

British Sunday Times published, as some say, typical tabloid article about Android Facebook application with excessive rights; it can read your text messages and snap a snapshot of your surroundings whenever it likes (article is not free, so check this). Facebook opposed these claims fiercely. Not going into discussion what they really did or didn't do with the data, this scenario is perfectly plausible. Be it Android or iOS, once you allow certain permission, application can use it at its own discretion until you uninstall it (Android) or revoke the permission (iOS).

What to do? If I was very paranoid smartphone user, I would prohibit dangerous combinations of rights to all applications (Want location? No Internet connection for you!). If you are less paranoid, check permissions, assume 66% of the worst case scenario, and if application still pays off, use it.

You can also try other extreme: put webcams around your house, open curtains, disable all ad blockers. Get used to it. Become immune. Go naked to your balcony and smell fresh air, feeling free for the first time.