Apr/May 2013

Don’t be John McAfee. McAfee, dodging questions about his neighbor’s murder in Belize, entertained the world during his three weeks on the lam with stories of fake identities, close calls, and government corruption via updates to his blog and social networks, and interviews in “undisclosed locations.” His jig was up when reporters from Vice magazine uploaded a photo that included McAfee’s location in Guatemala. He was arrested the next day by Guatemalan authorities for illegal entry.

It’s ironic that a data security icon was tripped up by an inadvertent data disclosure. Are you John McAfee? If you or your kids have uploaded photos from your mobile phone to Facebook, Flickr, or Instagram, you might be. These days, most mobile phones know where they are, and automatically attach geolocation data to images—unless you’ve tweaked your phone’s privacy settings. Every app on a mobile phone has its own privacy settings as well, so even if you’ve disabled location tagging on your phone, an app might report your location anyway.

It turns out mobile apps collect and share a lot of information in the background, and they don’t always tell you what they’re doing. Indeed, the U.S. Federal Trade Commission’s December 2012 report “Mobile Apps for Kids: Disclosure Still Not Making the Grade” revealed nearly 60% of the mobile apps they examined transmitted mobile device data back to the developers, advertising networks, analytics companies, and other third parties. They also found a relatively small number of third parties receive data feeds from a large number of mobile apps— concentration that could potentially permit these companies to develop detailed profiles of mobile phone users based on their location history andin-app behavior.

What Do They Know?
Mobile-phone location data varies widely in quality. Cellular networks keep track of mobile phones by cell site or sector, so they can route calls to the phone. Mobile networks offer the lowest quality location data, with actual location as far as 1,000 feet away from the network’s “fix.” This level of accuracy is fine for many location-based services, such as apps that locate nearby businesses. But a just-under-a-quarter-mile variance won’t cut it for check-in apps such as Foursquare or Shopkick that encourage users to visit particular businesses for special offers or glory points.

GPS data from mobile phones is better—generally within a few feet— though it’s not available indoors and many people keep GPS turned off to conserve battery life. Further location refinements come from Wi-Fi and Bluetooth sensors, which can triangulate a user’s location within feet. Going farther, some location providers deploy “beacons” that emit a known signal or tone that is picked up by a mobile app, or “fingerprint” all known radio sources at a particular venue to determine the specific location of a mobile phone. Location technologies used by law enforcement agencies can calculate a user’s precise location by evaluating tiny cellular network timing differences while a call is in process.

The phone’s many onboard sensors also come into play when determining location. High-end smartphones include multiple accelerometers plus a gyroscope and compass, all of which can be used to determine or reinforce direction and duration of travel. Combined with known location from the network, GPS, or another source, these sensors keep track of where auser goes in-between location fixes.

What Do They Do with It?
Once a mobile application company, or one of its partners, has collected a big pile of mobile-phone data, what can they do with it? Some location-based services collect millions, even billions, of mobile-phone records every day. These datasets may be shared or sold to partners which aggregate location records from as many sources as they can find to feed large-scale dataanalysis engines.

These data models evaluate the data and draw meaningful correlations, such as JiWire’s “Location Graph.” JiWire operates an ad network that runs on top of public Wi-Fi networks, such as those available at coffee shops and airports. Because of the broad coverage, JiWire is able to see the same mobile device pop up in many different venues. For example, JiWire can predict that X% of people who visit the bank go to adrug store next.

Throughout time, analysis engines can draw compelling profiles of mobile phone users and their behavior. The mBlox “Engage” platform aggregates mobile phone location, app usage, and other data to build complex algorithms that can narrowly target users likely to purchase a particular product or service. Advertisers can now deliver text and multimedia marketing messages to people who, for example, visited ‘location X’ at least once last week, used ‘app Y’ while they were there, and abandoned a shopping cartin ‘app Z’ within the past month.

Mobile phone user profiling is possible without asking them to opt-in. Analytical models can determine a mobile phone’s likely home address, for instance,based on where it spends the night.

Government Regulators Step In
December 2012 and January 2013 saw new government moves to improve mobile data privacy. Focusing on kids, the U.S. Federal Trade Commission issued a report on mobile privacy that described how mobile apps collect and share data about children with third parties, often without parental consent. They also revised the Children’s Online Privacy and Protection Rule, created by the 1998 COPPA (Children’s Online Privacy Protection Act), with provisions designed to protect children usingmobile applications.

California Attorney General Kamala Harris joined the fray with her January 2013 report “Privacy on the Go.” The report recommends best practices for app developers, app stores, mobile ad networks, mobile operators, and mobile phone operating system designers to improve andprotect mobile phone data privacy.

So next time you’re ready to upload an image to Facebook, stop and think about what data you may be disclosing. Social networks, mobile ad networks, and analytics providers already know a lot about where you go, what you do, and who your friends are. Do you want to add self-reporteddetails to the pile?

Maybe it’s time to take a tip from your granny and leave your cellphone off when you’re not using it. And for goodness’ sake—update your phone security settings from time to time.

Laurie Lamberth helps to connect companies and technologies to passionate and engaged customers through strategic marketing and business development. Learn more about Laurie’s consultancy and browse her prior publications at www.laurielamberth.com.

[button link="https://connectedworld.com/subscribe-connected-world/" color="default" size="small" target="_self" title="" gradient_colors="," gradient_hover_colors="," border_width="1px" border_color="" text_color="" shadow="yes" animation_type="0" animation_direction="down" animation_speed="0.1"]Subscribe Now[/button]

Gain access to Connected World magazine departments, features, and this month’s cover story!