I Know My Phone’s “Spying” on Me, But How Bad Is It?


I Know My Phone’s "Spying" on Me, But How Bad Is It?

Dear Lifehacker,
With all the hullaballoo about Carrier IQ spying on all those phones, I’m left wondering what else is my phone gathering about me? Should I be concerned, and if so, what should I do about it?

Not Trying To Be Paranoid

A healthy dose of skepticism is, well, healthy, and you’re definitely not alone in wondering what kind of private information your phone is gathering and what’s being done with it. The CarrierIQ rootkit is the most recent of many mobile privacy and security concerns that have been raised (though particularly worrisome because it comes preinstalled on your phone, and removing it can be difficult). The truth is, yes, your phone is tracking your location, and you may be surprised by which mobile apps are recording information about you. But it’s not always a big cause for concern. Here’s an overview:

Your Cell Phone Knows Where You Are

It’s no secret that our smartphones are location aware. The location technology that triangulates your position using GPS or cell tower information is behind many of our smartphones’ most useful features, from finding great places nearby to geotagging your photos to automatically delivering discounts based on the store you’re in.

The main concern for some about this location tracking is that Google and Apple (and the other major mobile OS makers) may be collecting and storing your very specific location data (for example, with the iPhoneTracker Maps collected on iOS). Google, Apple, and Microsoft have all said that they use this data to maintain their location databases and that the data is all anonymous or anonymized.

It’s unlikely these companies are gathering your info in order to track your every move like in some spy thriller, but if you’re worried or rather not send your location data to Google, Apple, or anyone else, location tracking can be turned off. In Android, go to Settings > Location and Security, and uncheck "Use Wireless Networks". On your iPhone, you’ll need to to jailbreak your device and use an app like previously mentioned Untrackerd. See our previous guide to stopping your smartphone from constantly tracking you for more considerations before you turn off location tracking.

Mobile Apps Can Collect Your Location, Phone Number, and Other Personal Details

It’s easier to put a little trust in large companies like Apple, Google, and Microsoft—they’ve got too much at stake to risk spying in a way that would really freak most people out. But your phone’s operating system is just one consideration. Apps may be collecting and transmitting even more details about your phone usage and other information. The most obvious reason is so marketers can use that data to sell you more stuff or send targeted ads, but with some apps, what’s being collected doesn’t immediately make a lot of sense.

The Wall Street Journal analyzed 101 popular apps
to show in an interactive database what each app collects and how it’s shared. Some apps access more data on your phone than what they transmit to either the app makers or to third parties like marketers or Google. Here’s what the database looks like (there’s also a useful chart in that WSJ article):

Foursquare, for example, collects your phone number, phone ID, location, age, gender, contacts, and Foursquare username and password, but only sends location data to two third parties: Google and Twitter. Angry Birds collects your phone ID, location, and contacts and sends them to Google or your phone ID and location to another company called Flurry.

You may be surprised by Angry Birds’ need for and transmission of your location data, but it’s most likely so the app developers can get more insight into its users (not really to see where you’re flinging birds at any point in time): Flurry is a mobile analytics company. The collection of your contacts is so the app can find your friends.

Another head-scratcher is Bejeweled 2, which sends your Bejeweled username and password as well as phone number to Facebook. And Dictionary.com sends your phone ID to multiple third parties (it’s one of the apps, along with Pandora and Best Alarm Clock Free, that transmit the most data; filter to see those in the WSJ database by clicking the dropdown on the right). Those kinds of sharing definitely raise some concern.

Sometimes what seems completely unnecessary (and kind of scary) can still have an actual function. Shopping rewards app ShopKick, for example, appears to turn on your microphone and record audio without you knowing about it. If you installed this shopping rewards app, you probably didn’t notice or think much about the permissions setting that allowed ShopKick to record audio and take pictures. ShopKick’s privacy policy suggests the company is using that recorded information to tell if you’re listening to a commercial or show on TV—maybe to tell more about you so it can tailor the discounts or ads it sends you. Yes, that’s creepy. But ShopKick’s audio listening may also serve a necessary purpose—to listen for a tone within a store (inaudible to us) so it can tell if you’re in a participating store, according to the New York Times.

What does all this mean? For most apps, there isn’t all that much cause for alarm. Location tracking is most often used for the developers’ analytics, much like online advertisers use your IP address to target ads to you. However, if this kind of location tracking makes your cringe, you should carefully review the permissions of each app you install to make sure you’re comfortable with its permissions. On Android, previously mentioned PermissionDog can help you easily review all your installed apps’ permissions settings.

A mobile security app like previously mentioned ESET Mobile Security (Android) or Lookout (iPhone and Android) can also watch your back when installing apps or check which apps access your location data.

What Else Is Gathered By Major Cellphone Providers

Beyond built-in location tracking settings on your device and mobile apps’ access to your info, wireless providers may also gather and keep other information, such as your call records, text message content, and cell towers used. The ACLU published this chart from the US Department of Justice of what each cell phone provider collects and for how long.

If you take issue with any of those practices for your provider, the only thing you can do right now is switch to another one and wait as the debate on mobile security continues (law-makers and mobile privacy experts are calling for more transparency on what’s collected and shared).


P.S. What are your thoughts on mobile "spying"? Sound off in the comments.

Photo remixed from an original by Yurchyks/Shutterstock.


Atif Unaldi

Setting up the BBS system enabling the communication of two persons over telephone lines when he was a student at the Physics Department at the Bosphorus University, Atıf Unaldı established the first Internet connection in Turkey. He achieved a “first of its kind” type project again in Turkey by making an Internet and information program at Radio D (Radio Club) named “Farenin Kuyrugu” (The Tail of the Mouse) between 1992-1994. In 1994, he prepared, presented and produced a nightly live show,”RadyoNet”, appearing five weekdays on Kanal D. This was the first program consisted of live computer pictures from beginning to end. Atıf Unaldı was the General Director of the first Internet server in Turkey, Anadolu.Net, between 1994-1996. Being the supervisor of the World Air Games I in 1996 and 1997, he registered the sportsmen into the games over the Internet and Intranet. In 1998, he also became the Internet supervisor of the Sabah Group, and worked as a consultant in the project to sell Sabah Kitapları (Sabah Books) over the Internet. In the same year, he continued to write at his column (Yeni Ufuklar-New Horizons) in the .Net magazine, which was a publication of the Milliyet Group. In 1999, he was appointed as the webmaster in Ihlas.Net, and he also designed and administered it. In the very same year, he wrote at a column in an IT magazine, Pcweek of the Sabah Group. In the meantime, founding a web-design company, Artmedya, Unaldı prepared an Internet magazine talk show program for BRT, GeceNet, which he presented with Romina Ozipekci. Later, continuing to write in his column in the magazine, Canteen of the Aksam Group, Atıf Unaldı gave web-design lectures in the Ceramic Department of the IU. Leaving his position in Canteen upon the establishment of the Interporbil Group, Unaldı has been a columnist in the economy magazine, EkoTimes. At the moment, Atıf Unaldı is the columnist in the Computerlife magazine. He has been also a columnist in Finansal Forum newspaper every Wednesday. Being the brand consultant of Buybye.com, Unaldi produced and presented a programme, TRON, in Technology Channel. As of December 2004, becoming the IT Director of Star Media Group, Unaldi carried out the editorship of STARTEK supplement of Star newspaper. Currently being the Internet Director of Kanal D and Star Tv, Unaldi also produces the Technorock programme in Rock Fm. Being one of the founders of the group called Sitebuilders supported by Microsoft, Unaldı has been organising conferences, seminars and panels concerning “Web-design”, “mobile Internet”, “e-trade” and “advertisement in the Internet” with the group. The group has been successfully providing the persons and organisations with its free educational studies. Published Books 2006 Netizen ( Internet Dictionary ) The contests he participated as a juryman: 2002 - Altın Örümcek Web Contest 2003 - Altın Örümcek Web Contest 2004 - Grafi2000 Flash Animation Contest 2004 - Altın Örümcek Web Contest 2005 - Altın Örümcek Web Contest 2006 - Web Marketing Assotion - Web Awards His published articles: The Structuring of the Internet in the Information Society of Turkey, Yeni Turkiye Dergisi (The New Turkey Magazine), March 1998 Web-design criteria, Yıldız Technical University Publication, 1994 Conferences, Seminars and Professional Activites: 1999 - Informing the sitebuilders and e-trade and web-design seminars in Microsoft headquarters (Istanbul) 1999 - Web-design, e-trade, Media Technologies seminars within Microsoft (Ankara, Istanbul, Izmir, Konya, Antalya) 2000 - e-trade seminars within Kosgeb (Ankara) 2000 - e-trade seminars in the Fatih University (Ankara) 2000 - The Bilgi University Internet seminars (Speakers: Microsoft Turkey General Director Sureyya Ciliv, Atıf Unaldı) 2000 - Within the framework of the IT 2000 activities, e-trade and web design seminars (Istanbul) 2003 - PRCI Turkiye (Istanbul) 2003 - Wireless Forum ( İstanbul) 2003 - ODTU ( Ankara ) 2003 - Mobiliz.biz ( İstanbul ) 2004 - PRCI ( İstanbul) The softwares he translated: 1996 - Windows Commander 2000 - Babylon Internet Dictionary 2002 - Sitepublisher Softwares: 1992 - The installation of two radio automation systems (Radyo Kulup and Radyo C) (1995) 1994 - The software of two computer programs (Crossword and Puzzle) which were played with the participation of the television audience at Kanal 6 television. 1996 - The Turkish version of a program called Windows Commander 1998 - A computer software enabling the automation of the TV advertisement department The organisations he is the member of: WSP (Web Standards Project) A global organisation Sitebuilders Microsoft ASP Guilt A world organisation Isoc (Internet Society) A world organisation Mobiliz.biz Mobile Advertising Platform CehTURK