A company that makes security software for smart phones has released a new product that shows when and how an app is snooping on you.
Called WhisperMonitor, the new software gives some Android phone users additional control over what their apps are doing. Two prominent computer security researchers, Moxie Marlinspike and Stuart Anderson, founded Whisper Systems, the company behind the software. The new software is rolled into the latest release of its main product, WhisperCore, which, among other things, encrypts the data that a user stores on an Android device.
WhisperMonitor joins a growing number of applications designed for privacy protection. These include Little Snitch, a Mac desktop application that intercepts applications attempting to connect to the Internet, and Lookout Mobile Security, which offers a premium version of its Android app that tracks what data apps can access.
Late last month, a controversy exploded after researchers discovered that iPhones and Android phones collect and store location data in a way that could allow companies to track users’ movements. Some users, concerned about how that data could be used, have launched lawsuits against smart-phone makers.
WhisperMonitor is designed to help users understand how data is collected and transmitted by apps running on their devices, and provides an interface that lets them make changes.
Marlinspike wrote in a tweet that his company plans to release application programming interfaces so that others can build products on top of WhisperCore. For now, WhisperCore only works on Nexus One and Nexus S phones, but Marlinspike wrote that there are plans to adapt the software for other devices soon.
“[WhisperMonitor] could certainly help users keep an eye on where [data is] going,” says Vincenzo Iozzo, an independent security researcher best known for hacking Apple’s iPhone. Iozzo warns that while the app might be able to prevent Android phones from transmitting location data, in the process it might break other applications or cause other problems for the phone.
“It can be a pretty useful instrument for experts, but I’m not really sure about the average Joe,” Iozzo says. Most people would likely struggle to figure out when to grant apps the permission to send out data, he says.
WhisperMonitor is a nice solution for those who have the desire and technical know-how to monitor their phone’s behavior at a low level, says Charlie Miller, a software security analyst for the research firm Independent Security Evaluators. “On Android, when installing, you either have to accept the permissions the app needs or you don’t install the app,” he says. “With WhisperMonitor, you can install an app that requests permission to the Internet and then deny that permission with WhisperMonitor.”
However, Miller notes, WhisperMonitor will induce many pop-ups. “If the user isn’t really into security, they’ll eventually get sick of them and allow all traffic or uninstall WhisperMonitor,” he says.
Next week, a U.S. Senate subcommittee that focuses on privacy and technology will discuss these issues in a hearing titled Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones, and Your Privacy.