The Electronic Frontier Foundation—a nonprofit that advocates for online and electronic privacy—has released a prospective bill of rights for mobile device users. It includes provisions that address some of the most well-known security holes in these devices. Of course, the industry is under no obligation to adopt any of these standards, and because of that, the bill of rights is symbolic. What it illustrates, however, are some of the most significant privacy threats that mobile users face.
The first provision of this bill of rights has to do with the user’s right to control their data. Currently, users have very little control over this, particularly where applications are concerned. In fact, taking a look at most of the permissions required by mobile device applications will reveal that they want access to network communications and many other aspects of the user’s habits that really have nothing to do with the application itself. This is a frequent complaint on the reviews for applications designed for mobile devices.
The bill of rights also offers advice on how data should be collected. For example, the data that an application collects should be transparent to the user and it should be focused on the purpose of the application. Part of the reason that people have expressed concerns about this is because some of the data that applications have gathered in the past has been used for marketing purposes that the user did not necessarily approve of. For example, contact lists may be used to harvest e-mail addresses that can be used for marketing purposes by a third-party agency.
A major bone of contention with users has been who is actually responsible for abusing data when abuse happens. It can be difficult to lay the blame at the feet of any particular agency and, most certainly, it’s difficult to go after the huge wireless carriers for breaches of data security.
One solution that users can employ to protect their privacy on their mobile devices is the use of VPN services. These secure the user’s IP address and they encrypt the communication that the user is sending and receiving over the Internet. This provides them with a level of security that ensures that, even if somebody is listening in, they cannot get any useful data off the connection and the user does not have to worry about their personal data being exploited by a marketer or another agency.