| 08 |
| Feb |
Free is Not Always Free – Is Your Privacy for Sale?
Article by Fearless Web TeamFiled under: Identity Theft,Miscellaneous,Mobile,Privacy,Social Networking | RSS 2.0 | 4 Comments |
Everyone loves something for free! And when it comes to smartphones and tablet users, apparently even not-free needs to be really, really cheap. However, we all know that when something is free or cheap there is usually a catch.
Developers of apps, for the most part, are not doing it for fun. It is a business and as such they need to make money. There are many ways to try and make money in the mobile app business:
- Selling your app for an upfront price
- Selling a subscription to the content that is displayed on your app
- Offering some bits free but charging for access to a premium set of features
- Charging for “consumables” in your app like weapons or clothing for your in-game character
These are just some of the ways that developers choose to feed themselves. Another way is through selling advertising space in your app, just like you would on your website. To do this, app developers sign up to an advertising network that automatically sends ads to the app to display while it is in use. Developers get a fee based on the different actions the user may take.
How Much Info Are You Willing to Share…
This may sound harmless, a bit annoying if an ad keeps popping up while you’re playing Angry Birds, but harmless. However, the question is what level of information are you willing to share about yourself in order to have that free app experience?
Have you ever been using an app and had an ad appear that seems far too relevant to you? I use a Samsung Nexus S and I often get ads that tell me my Nexus S could do something “magical” if I downloaded a new app. Or, I get offers for switching from my current carrier to one of the main competitors.
Currently, there’s a debate raging in the mobile security space. It started when another security firm, made the claim that they had uncovered the largest mobile botnet ever seen. They also claimed that millions of devices had been infected. Then it was revealed that the “infection” was actually a piece of software code used by an advertising network. This code called an “SDK” (software development kit) collects the following information and sends them back to the ad network:
- A code specific to your device(IMEI)
- Details about the device you are using, including brand and model
- The operating system and version
- Where you are located
It can also create bookmarks on your device, change your browser homepage and send you notifications. Other ad networks also collect details about the network you connect to and whether you are connected via WiFi.
The debate centers around whether apps with code inserted from an ad network are actually “malicious” as they collect so much information, and in this case can actually remotely make changes to your device without your knowledge or direct consent. Or, are these a legitimate form of advertising and monetization of a developer’s time and effort?
The opinion of our Trend Micro threat researchers is discussed here: http://blog.trendmicro.com/search-monetization-as-a-new-threat-to-the-mobile-platform/
Information is Money
When you think about it, the bigger ad networks with many apps in their stable can actually build a pretty good profile of the devices using their apps. Not only can they collect the information listed above, but they can tell what type of apps you install, what time of day you typically use apps, and even which types of apps you use when.
From all this data they can probably get a pretty good picture of age and gender of the user. And depending on the individual’s response to advertising campaigns, they may even be able to collect more direct personal information.
So, in an age where information is money, and personal privacy is valued higher than many other things – what allowances are you willing to make in order to play a free game on your phone?
I would love to hear from you about what you are willing to share to save a buck.
I work for Trend Micro and opinions expressed here are my own.
This entry was posted on Wednesday, 8. February 2012 and is filed under "Identity Theft, Miscellaneous, Mobile, Privacy, Social Networking". You can follow any responses to this entry with RSS 2.0. You can leave a response here, or send a trackback from your own site.
4 Comments to "Free is Not Always Free – Is Your Privacy for Sale?"
Gregg Jackson:Tuesday, 3. April 2012 at 3:27 am |
|
|
I think you have missed a much larger problem. I rarely download anything that is free, but paying upfront for an app is no assurance that it is not harvesting information from the user. Indeed, reading a Privacy Statement provides no assurance that the user knows what is being harvested–in part because the statements are so long and convoluted that most of us do not fully understand them. Trend Micro probably could modify its security products to detect and temporarily block all uploads not specifically initiated by the browser user, but so many applications require such uploads for their functionality that users would soon be bogged down approving the ones that are necessary. What’s the solution? I don’t know but I pay your company every year to protect me, and to date, with some caution on my part, it has spared me big problems. Thanks. |
|
Greg Boyle:Tuesday, 3. April 2012 at 11:33 pm |
|
|
Hi Gregg, Rest assured we are always looking at ways that we can effectively protect our users personal information. Thanks for the suggestions and thanks for taking the time to post. |
|
doug:Friday, 6. April 2012 at 3:30 am |
|
|
When I purchase an application I provide the supplier with personal & account information. Which is worse, giving away info needed to purchase with no assurance that usage information will not be collected or getting the free application & giving away usage information for certain? |
|
CPM Advertising:
Monday, 19. March 2012 at 6:53 pmIt’s going to be end of mine day, except before finish I am reading this fantastic post to improve my knowledge.