Why smartphones know more about us than our families and what threats this poses

Today, we can't imagine life without smartphones and the Internet. And at the same time, we cannot do without apps that know everything about us. How many steps we walk a day, how many calories we burn, what we read and watch, where we go, when we go to bed. This seems convenient until we know that there are intruders on the other side of the barricade. They hack into the servers and apps we provide our information to, launch cyberattacks, create digital portraits of users, and gain access to financial accounts. Sound ominous? Nevertheless, everyone who uses a mobile phone needs to know about it.

What is personal data?

Personal Data refers to any personal and corporate information, financial account information (especially meaning access to online banking), and any facts of life that a person does not want to disclose. At the same time, according to applicable law, everyone has the right to know by whom and for what purpose personal data is used. And if it is found out that the personal information has fallen into the hands of someone else, the person under the law has the right to find out what specific data has become available to the public. And to decide which information he would like to keep secret.

How do we share personal data?

As amazing as it may sound, we share personal information all the time - and we don't even know with whom. How exactly does this happen?

• we install applications and, without reading the terms of use, consent to processing of personal data;
• we forget to regularly update applications and software, or we use unlicensed anti-virus software;
• we don't use strong enough passwords, we don't change them, or we use old, long-forgotten passwords, which, alas, may be recognized by cybercriminals;
• we keep Bluetooth turned on and don't disconnect so-called Internet of Things; xml-ph-0213@deepl.

Why do we do this?

Apps ask us for permission to access - and often the information we provide is more than necessary. For example, a photo editor will want access to media files, and that's obvious. But it's hardly worth allowing access to contacts.

Or, let's say, an Uber app won't be able to work without access to a customer's location. At the same time, having such information, drivers can "watch" the smartphone owner's movements even after the trip is over. Trip Related Data is responsible for this. By the way, we are talking not only about cars. The official website states: "In some cases, we are required to transfer data about Uber trips to municipal and federal authorities, as well as to local transportation authorities. To comply with these requirements, we collect data on the location and timing of rides on bikes and scooters."

What happens next?

Suppose our personal data is stored in the app of an online school specializing in learning English. Hackers break into the server and information is leaked - emails and other information accessed by the app falls into the wrong hands. And how the intruders will use it, nobody knows.

By the way, if you want to check if something like this has happened to your mailbox, use one of the portals like Have I Been Pwned. Personally, when I entered my emails I found out that two of them had been hacked on the server through which the information was leaked.

How to protect personal data?

• If the question lies within the competence of the European Union, one can turn to an international court and refer to several legislative acts:
• European Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (1981) - according to this act, personal information may only be accessed by governments and private companies by court decision;
• Law on Privacy in Electronic Communication (1986) - when signing contracts, banks and financial institutions are obliged to ask for permission to access personal data via an electronic signature.

It is to be mentioned that in case when the violation of human rights in connection with the theft of personal data is referred to national jurisdiction, a special court or a government authority of national importance has to be instituted.

Despite the legislation in force, the protection of personal data today has so many loopholes for breaking the law, that the statistics as of May 2020 is not encouraging. For example, 79% of those surveyed in a surveyconducted by the Pew Research Center express concern that companies are collecting their data. At the same time, 64% are concerned about the fact that the state has interest in personal data. 81% of respondents feel unprotected and unable to protect their data. And 46%, according to Salesforce, say they have lost control over personal information.

Why is this happening?

Big Brother is watching us

In some cases, a crisis situation arises in which the government considers it lawful to interfere in the personal space of citizens. At the same time, some people usually support the decisions made and voluntarily provide their data, while others complain that their rights have been violated. For example, in the spring in Australia, the government

argued that if most people downloaded the app COVIDSafe, the self-isolation regime would go away faster and life would get back to normal. Academic institutions were the first to be outraged. The University of Sydney, for example, together with The Conversation publicly , stated publicly, that health information apps violate human rights.

And the issue was this.

In late April, more than 5.87 million Australians downloaded COVIDSafe, an app created to make it easier for health officials to find who a person with COVID was in contact with.

The information is collected in the following way. The application collects anonymous id, using Bluetooth, and in the area of attention falls those who are in the immediate vicinity of the ill person, with the time of being near the ill person - at least fifteen minutes ago. People are instructed to keep their Bluetooth on at all times - only switch it off when you get home.

At the same time, turning on Bluetooth also allows other applications to read personal data, so using COVIDSafe is not as secure as you'd like it to be.

Speaking of invasion of privacy, it is worth noting that it is justified, due to the threat of a massive COVID outbreak. However, the global public continues to object to the use of such apps. For example, The Guardian managed to provethat the My Health Record online medical system fails to meet international cybersecurity requirements despite having invested $1.5 billion in it. Although the system was found to be effective, the government failed to ensure that access to an individual's personal medical data was legal.

The database had been collecting clinical information about Australian patients since 2012, but went out of business in 2020, at the request of information security services.

The point is that some software issues were found in the system that were causing information leaks.

At the same time, medical applications are not the only systems that should be blamed for the neglect of personal data. It must be said here that, in general, the concept of the smart city, connecting everyone to the global network, allows many processes to be simplified - but can also potentially harm residents of "digitized" cities.

For example, more than a hundred government agencies have accessed to information collected through the Opal smart card used by public transport regulars in South Wales.

Last year researchers from the International Computer Science Institute (ICSI) analyzed the performance of 24,000 apps running on Android. They found that 70% of them steal personal data. The ID is sent to companies, which then are able to track the movements and other apps that are being used.

Having fallen into the hands of hackers, this information will tell about the person everything - how many calories he consumes per day, how many kilometers he travels, where he goes, how many hours he sleeps, and so on.

At the same time, the researchers informed the Google employees about the problems, which were discovered, but they have not received an answer. 

As for seemingly innocuous travel apps, researchers from the mobile security solutions organization Zimperium tested thirty top mobile apps that provide information on flights, hotels, car rentals - and found that users' personal information is completely insecure.

In particular, 100% of iOS applications that we download from GooglePlay fail cybersecurity tests

. In the case of Android apps, things are a little better - said tests failed by 45%. But still 97% have problems affecting information leakage.

How to save privacy?

A reasonable question arises, can a person at the local level protect personal data if most mobile apps transmit data to third parties?

Of course, yes. For starters, we need to carefully read the terms of use offered to us by websites and offers. Although most internet users skip them, it is there that contains information about what personal data will go to other companies - hence the kind of targeted advertising your gadgets will show. As a result of you read, it's you who decide whether or not you want to pass on the information.

And a few more practical recommendations:

• Even if your smartphone permits you to download apps not from your own resource, you shouldn't do so.
• Apps usually ask for access to your files, camera and GPS, as well as contacts and profile information. While it's impossible to use your smartphone without giving apps access, you don't need to give permission for all the options.
• Don't forget about antivirus - it's also important to update your software at some intervals.
• Install a screen lock on your phone. If you lose your phone, without screen protection, a thief will have access to all your data - personal profiles, photos, social media accounts, shopping apps.

For those who want to know more

• Cyberwars for sale: how Hacking Team made Remote Control System a weapon and a commodity
• Beginner paranoiac's guide: some tips on information security
• Ukrainian hacker who became a secret weapon, and then the FBI's worst nightmare
• Big Brother won't keep track: how the world learned to trick face recognition systems
• How bitcoins are stolen in the Darknet: fraudsters used a modified Tor browser, stealing tens of thousands of dollars