How to Detect Apps Leaking Your Data
A service called Mobilescope acts as a watchdog, alerting users when apps copy and transmit sensitive information.
One reason that smartphones and smartphone apps are so useful is that they can integrate intimately with our personal lives. But that also puts our personal data at risk.
A new service called Mobilescope hopes to change that by letting a smartphone user examine all the data that apps transfer, and alerting him when sensitive information, such as his name or e-mail address, is transferred.
“It’s a platform-agnostic interception tool that you can use on your Android, iOS, Blackberry, or Windows device,” says Ashkan Soltani, an independent privacy researcher who created Mobilescope with fellow researchers David Campbell and Aldo Cortesi.
Their first proof-of-concept won a prize for the best app created during a privacy-focused programming contest, or codeathon, organized by the Wall Street Journal in April this year; the trio has now polished it enough to open a beta trial period. Access is steadily being rolled out to the “couple of thousand” people that have already signed up, says Soltani.
Once a person has signed up for the service, Mobilescope is accessed through a website, not as an app installed onto a device. A user can use the site to see logs of the data transferred by the apps on their device. They can also specify “canaries,” pieces of sensitive information such as a phone number, e-mail or name that trigger an alert if they are sent out by an app.
Mobilescope can catch apps doing things such as copying a person’s address book to a remote server, as Path and several other mobile apps were found to do earlier this year. Soltani says the service is intended to level the playing field between mobile apps and the people that use them by arming users with more information about what those apps do. As became clear when several popular apps were caught quietly copying contact data from users earlier this year, neither Apple’s nor Google’s mobile operating systems currently offer people much insight into or control of what apps are sharing (see “Apple Ignored Warning on Address-Book Access”).
“Our focus is making really simple the process of interception,” says Soltani. “If you’re not an advanced user, you can still get at this data using Mobilescope.”
When a person signs up for Mobilescope, a configuration file is sent to his device. Once installed, this file causes all future Internet traffic to be routed through a Mobilescope server so that it can analyze the data that comes and goes to the device and its apps. That arrangement is possible thanks to the way that smartphones are designed to be compatible with VPNs, or virtual private networks—encrypted communications that some businesses use to keep corporate data private. That design doesn’t add much delay to a person’s connection, says Soltani, in part because users are connected with a server as geographically close to them as possible.
Mobilescope can even examine data that is sent over the most common types of secure connection used by apps, similar to those used by banking websites, by intercepting the certificates involved. The service cannot decrypt other data, but Soltani says that few apps bother to use encryption. Data collected by Mobilescope is discarded after each session of use, and is only ever stored on a person’s own device.
Soltani says he doesn’t imagine Mobilescope will have the mass appeal of something like Angry Birds, but he hopes it will encourage journalists, activists, and ordinary smartphone owners to look into what apps do, and will help put more pressure on app developers to respect privacy. “Added transparency for everyone—app developers, users, regulators—will help the whole mobile ecosystem.”
An earlier version of Mobilescope gave users the power to send fake data to certain apps, for example sending a spoof location. “We had to pull that out because the ecosystem is not ready for it,” says Soltani, who says this broke some apps, sometimes in ways that could harm other users. A separate project does make that tactic available to Android users willing to use a modified version of their operating system (see “Use Their App, Keep Your Data”).
In April, Xuxian Jiang, an associate professor at North Carolina State University, published a study showing that the ad systems included in many Android apps endanger users’ privacy. Around half of these systems monitor a user’s GPS location, and some also collect call logs and other sensitive data (see “Android Ads Could Attack, Study Warns”).
Jiang, who has uncovered other security and privacy flaws with mobile apps, said that Mobilescope will be an “interesting” new tool for keeping tabs on apps. However, he adds that it can’t be guaranteed to catch everything, and says mobile privacy can only be improved with greater transparency from developers, improved privacy statements, and action from the creators of mobile operating systems. “[We] need of mechanisms for users to actually control apps’ access to various personal information,” he says.
Justin Brookman, who directs consumer privacy activity at the Center for Democracy and Technology, says this will require changes to the law, which currently simply encourages companies to write very broad privacy policies to avoid the penalties for writing false ones.
“Detailed disclosures are actually deterred by the law,” he says. The CDT is attempting to get legislation introduced that instead requires companies to explicitly tell consumers what’s happening to their data, and to provide them with more control over it.