Individuals have no reasonable expectation of privacy in historical mobile phone location data collected and maintained by phone companies, a federal prosecutor said in oral arguments on Monday before a three-judge panel from the Fifth Circuit Court of Appeals in New Orleans.
The court is reviewing an appeal from the U.S government in a case pertaining to the government’s authority to collect historical cell phone location data from a phone company without obtaining a formal search warrant first.
Federal prosecutors in the case have maintained that the Stored Communications Act (SCA) of 1986 allows them to use a relatively easy-to-obtain court order, called 2703 (d), to force a cellphone company to turn over historical cell-site location information on specific subscribers.
Privacy advocates have insisted that law enforcement authorities should be required to obtain search warrants based on higher reasonable cause standards before they can ask a carrier for cell phone location data. They have argued that any location data collected without such a warrant is a violation of Fourth Amendment rights against unreasonable search and seizure.
The case is an important one and comes at a time when lawmakers and courts around the country are grappling with the issue of warrantless tracking of location data by law enforcement authorities. Many have expressed concern that unbridled cell phone location tracking will let the government conduct extensive surveillance on cell phone owners.
What the malware creators intend to do with the privacy-invading information is still an unknown. The app runs in the background and appears on the smartphone or tablet as an icon with the word “store” written on it.
The store icon is apparently meant to fool the device user into thinking that it is only an e-commerce app, according to Bitdefender. In actuality, the malware broadcasts latitude and longitude of the device, as well as the name of the wireless carrier. It also attempts to enable the device’s Wi-Fi connection and scan for access points. All the data is transmitted to the remote server via the device’s Internet connection.
“Speculating on why all this information is broadcasted, we could conclude that infected devices act as beacons, providing attackers with a relative positioning of certain Wi-Fi networks and the frequency to which infected devices connect or interact with them,” BitDefender said in a blog post on Tuesday.
The lightweight spyware has no user interface and transmits location information every couple of seconds. Because the malware runs so effectively in the background, Bitdefender believes it will eventually be bundled with other apps.
Whether it’s spyware or another type of malicious app, the number of mobile malware is soaring. The rate of growth last year was 155 percent over 2010, according to Juniper Networks. During the first quarter of this year, the year-to-year increase was 30 percent, with spyware alone doubling. Most mobile malware is targeted at Android, the leading smartphone operating system.
Google’s Android operating system (OS) is the best place for developers in general, while the Blackberry OS is the best place for developers to make money, according to a report by Evans Data.
The Application Distribution report, which surveyed 400 commercial developers, shows that Android is the most used app store amongst commercial developers, with 47 per cent market share. Apple is not far behind at 43 per cent, but the shift from Apple’s prior dominance is likely to continue.
Android also came out on top as the best app store for developers over the long term, with many believing that the Android Market will be the pivotal place to develop for within the next two years.
Despite Android’s success, developers can still make more money by opting to use Blackberry’s App World, which appears to be paying out more than both Android and Apple. This is likely largely due to the enterprise nature of a lot of Blackberry devices and apps, which means a larger price tag for apps, compared with the mostly consumer nature of apps on Android and Apple devices, with more affordable pricing.
“The industry has a conception that developers are going to target either Android or Apple, and those two will define the market,” said Janel Garvin, CEO of Evans Data. “However, there’s room for more than two. Blackberry developers are not as plentiful but 13 per cent make over $100,000 from the App World apps, which is considerably more than Android or Apple developers, and will help that platform continue to be compelling to developers, especially in the enterprise.”
Of course, with Blackberry losing a lot of the market share it once had, it might not be a very attractive operating system to develop for much longer. Larger prices but lower sales might just average out or result in losses, compared to a more competitively priced and better selling app in the Android or Apple app stores.
Other findings in the report include a problem of app visibility, which was cited by 37 per cent of respondents. This would obviously have a large impact on sales. Unfortunately, the more each app store grows the more difficult it will be to find specific apps amidst the clutter. Having the search prowess of Google could answer this problem for Android, however.
The survey found that developers vastly prefer to sell paid apps rather than subsidise free ones with in-app advertising. The second most favoured approach is a subscription-based app.
Games remain the dominant app across most app stores, taking up 27 per cent of the catalogue. Business apps came in at 21 per cent, while productivity apps were not far behind at 20 per cent. So, while the consumer side of apps is clearly the strongest, there is still a call for enterprise apps, which could keep Blackberry alive in the face of the war between Apple and Google.
The proposed class action, filed in a Seattle federal court on Wednesday, states Microsoft intentionally designed camera software on the Windows Phone 7 operating system to ignore customer requests that they not be tracked.
A Microsoft representative could not immediately be reached for comment.
The lawsuit comes after concerns surfaced earlier this year that Apple’s iPhones collected location data and stored it for up to a year, even when location software was supposedly turned off. Apple issued a patch to fix the problem.
However, the revelation prompted renewed scrutiny of the nexus between location and privacy. At a hearing in May, U.S. lawmakers accused the tech industry of exploiting location data for marketing purposes — a potentially multibillion-dollar industry — without getting proper consent from millions of Americans.
The lawsuit against Microsoft cites a letter the company sent to Congress, in which Microsoft said it only collects geolocation data with the express consent of the user.
“Microsoft’s representations to Congress were false,” the lawsuit says.
The litigation, brought on behalf of a Windows Phone 7 user, claims Microsoft transmits data — including approximate latitude and longitude coordinates of the user’s device — while the camera application is activated. It seeks an injunction and punitive damages, among other remedies.
Those are the conclusions of researchers from Pennsylvania State University and North Carolina State University, who took a look at the top 1,100 free applications available in the Android Market. They didn’t find anything malicious, but a surprising number of the programs used unique identifiers such as the phone’s IMEI (International Mobile Equipment
Identity) number — sometimes without obtaining permission to do so from the user.
One concern is that these unique identifiers could be linked to Android users in databases, essentially providing a stealthy way to track what mobile phone users are doing online, similar to the tracking cookies stored by Web browsers. Unlike a tracking cookie, a mobile phone’s IMEI cannot be deleted.
The research follows up on work done by some of the same researchers who last year looked at 30 smartphone applications and found widespread sharing of location data and unique identifiers.
Researchers are only now beginning to put together a picture of what’s going on beneath the surface with these mobile phone apps, said William Enck, an assistant professor with North Carolina State University and one of the authors of the study. “I think people are starting to become more aware of this, but I don’t think there is widespread understanding of what the implications are,” he said.
“The paper really expands our understanding of what applications under Android really are doing…. and what they are doing with our data,” said Lee Tien, a staff attorney with the Electronic Frontier Foundation.
The EFF is concerned that these unique identifiers could be used to track consumer’s online activity, but Tien did find some encouraging findings in the study, too. “I was kind of happy to see that there doesn’t seem to be any obvious misuse of the audio video recording capacity for listening in and that sort of thing.”
The researchers call their work the “initial but not final word on Android application security.”