You can’t eliminate all the personal information your phone collects and shares about you. But you can limit it.
Can you stop your phone from leaking personal data about you?
Increasingly, the answer appears to be no.
A recent wave of corporate-data leaks and scandals related to sharing
of personal information has led to lawsuits, fines and regulatory
probes in the U.S. and Europe. Yet many cellphones and mobile apps
continue to gather user data, such as people’s locations and shopping
preferences, in order to share the information with other companies,
including advertisers.
We asked several privacy-conscious and
technologically savvy people what they do to protect their personal
information while using smartphones. And the responses weren’t
encouraging: They mostly agreed that smartphone users are at the mercy
of phone manufacturers and app developers’ data practices.
Georgia Weidman, founder and chief technology officer of Shevirah
Inc., a cybersecurity company focused on mobile devices, says she
doesn’t keep photos on her phones that she wouldn’t want to end up on
the internet, in case a hacker accesses her phone or an app accesses the
data. When even new devices can have hundreds of apps on them, Ms.
Weidman says, it’s also possible she may “make a misstep somewhere.”
Other
rules she sets for herself: She has different phones for work and
personal use, which helps to keep different kinds of data separate. She
limits to her personal device use of apps such as social-media platforms
that she thinks may “spy” on her data, and she doesn’t keep sensitive
information about corporate clients on any of her phones.
“It’s
nice that Facebook and WhatsApp know what you like, but you give up a
lot of privacy. It’s hardly worth it,” says Ms. Weidman, who explains
that she uses these platforms in combination with an app that blocks ad
tracking.
Christopher Weatherhead, technology lead at nonprofit
Privacy International, recommends using encrypted-messaging apps, such
as Facebook Inc.’s WhatsApp or Signal, instead of traditional text
messages. While some apps “are more secure and have better privacy
policies than something like WhatsApp,” he says, “WhatsApp is night and
day superior for personal privacy and security” compared with plain text
messaging.
Not everyone will go to the lengths that privacy
experts do to protect their communications. But they agree there are
some precautions anyone can take to guard their privacy. Here are some
other steps they recommend to limit the amount of personal data that
your phone collects and shares about you:
When you download mobile
apps, they may ask permission to track your location and other data. In
some cases, apps need that information to do what they promise, like
recommend restaurants nearby. But some may ask to access phone features
even though they don’t require that information. They may share data
with other companies that users may not be aware of. Many popular
smartphone apps share users’ locations, health details and other data
with social-media companies, a Wall Street Journal investigation
revealed. Other apps share personal data with advertisers.
“If
it’s an app that lets you play cards, it probably doesn’t need access to
the inner workings of your phone, your contact list, the internet and
your GPS,” Ms. Weidman says. She recommends watching what apps you’re
granting access to your camera, microphone, contacts list, location data
and other information.
Phone settings list options to shut off
apps’ access to location and other information. Ms. Weidman recommends
people review those permissions and refuse to download apps that request
access to anything they don’t need.
Apps may even continue to
collect data after a person stops using them. To cut down on the amount
of data a phone shares, people can delete apps they no longer use, says
Mr. Weatherhead.
Consumers might want to search the name of an app
online before downloading it, because the developer’s data practices
may already be well known, says Maureen Ohlhausen, a partner at law firm
Baker Botts LLP and a former chairman of the Federal Trade Commission.
A
quick internet search may turn up consumer complaints, lawsuits and
regulatory investigations into an app’s potential privacy violations.
Privacy concerns surfaced quickly this summer as more users downloaded
FaceApp, which lets people upload photos of faces and change them to
look older or younger.
Ms. Weidman says she uses mobile browser
plug-ins to stop advertisers from tracking her web activity and from
presenting her with targeted ads on social media. Plug-ins to block ad
tracking are available in app stores. In addition, she uses private
sessions on web browsers to prevent them from keeping a history of her
searches. Depending on the browser, private sessions are often described
as “incognito” or “private” windows in the toolbar.
One way to
limit the personal data that smartphones collect and send to advertising
companies is for users to regularly reset or turn off their advertising
IDs, which identify mobile-phone users, in their phones’ settings menu.
If a phone user changes their advertising ID, ad profilers cannot
connect data they collected before and after it was reset with the same
person, This reduces the amount of detailed personal information that
advertisers see from that device, Mr. Weatherhead says.
While it
might seem harmless if advertising companies obtain personal information
about mobile-phone users, many people may not realize that advertisers
might share that data with insurance companies and other business
partners, Mr. Weatherhead says.
Data leaks and cyberattacks are
less likely if people use up-to-date software. Often, hackers will
siphon data off devices by exploiting a problem in an app or a phone’s
operating system even after companies release a new, fixed version that a
victim hasn’t downloaded.
“Lots of criminal attacks go in through
vulnerabilities that are fixed and that you haven’t bothered patching,”
says cybersecurity expert Bruce Schneier, an adjunct lecturer at
Harvard’s Kennedy School of Government and a fellow at the Berkman Klein
Center for Internet and Society.
Cellphones are becoming a more
attractive target for hackers. Scammers send texts with links containing
malware that could compromise personal data, Ms. Weidman says.
Hackers
also call cellphones and use ploys to trick people. Don’t react
immediately to suspicious texts and phone calls that claim to be fraud
alerts, says Ms. Ohlhausen. For instance, she says she recently received
a phone call saying there was an alert related to activity on one of
her financial apps; she asked to call the company back after checking it
out herself.
“They try to throw you off and get you to react immediately,” she says. “Just be skeptical, take a breath.”
Mr.
Weatherhead switched to an iPhone from Android after Apple Inc. refused
to help the Federal Bureau of Investigation access encrypted data on
the phone of a terrorist after a shooting in 2015. Mr. Weatherhead
frequently travels abroad for his job and says authorities in some
countries may want to access information about his work with privacy
advocates.
“I want to know the data is staying on the phone,” he says.
Ms. Ohlhausen often decides to access the internet using mobile data
instead of connecting her phone to public Wi-Fi networks because the
connection may be less vulnerable to hackers. “Someone could be snooping
on your traffic when you’re on a public network,” she says. Some people
may want to use virtual private networks to protect their connection
from intruders when using public Wi-Fi, she says.
Mr. Schneier
says he accepts that a certain amount of risk comes with using the apps
he wants. Two-factor authentication adds an extra layer of security to
apps and makes it harder for hackers to access data, he says.
“Passwords are easy to steal, passwords are easy to guess,” he says. “Use two-factor authentication. It’s kind of a no-brainer.”
“Most
of your security and privacy is not in your hands,” Mr. Schneier says.
“You don’t have the ability to reverse-engineer it. You just don’t
know.”
COMMENTS