By Yardena Arar
What do you call software that collects and sends information about you to its developers, advertisers, and others? On a desktop, we’re likely to name it spyware.
But on a cell phone, tablet, or other mobile device we call it an app — never realizing that it might be operating much like spyware.
As difficult as the issues surrounding privacy on a desktop computer can be, they’re virtually child’s play compared to the issues that arise with mobile devices — which, at the very least, must identify themselves to gain access to public Wi-Fi or cellular networks. Cellular devices do this through a unique identification number attached to every voice call or data request — an ID that networks store as long as your device is turned on, whether it’s in use or not.
The closest equivalents in the desktop space are tracking cookies, which we have the freedom to delete. “With mobile device identifiers, there’s no ability to delete or opt out,” says Ashkan Soltani, an online privacy consultant who recently testified (PDF file) about mobile privacy issues before the U.S. Senate Judiciary Subcommittee on Privacy, Technology and the Law.
These unique identifiers give service providers — and many others — a powerful tool for tracking and recording your whereabouts. And although that history may be attached only to a number (not necessarily your name or other personal identification), Soltani said, a good researcher might be able to figure out your identity by cross-checking frequently visited locations — homes and workplaces, for example — against information in other databases. This information might then be used to send highly targeted marketing pitches, or it could be used for far more undesirable purposes.
How services use mobile devices to track you
You’ve probably seen those cop shows where suspects are tracked down by their cell’s proximity to cellular towers (or through GPS data on GPS-equipped devices). But geolocation technology doesn’t stop there. In his testimony, Soltani identified two additional means of pinpointing a mobile device’s whereabouts — both of which depend on databases maintained by little-known entities that also store information transmitted by the device.