Abstract
This paper presents the results of a study about privacy risks when communicating and using the mobile Internet. For a better understanding of the wider issues a brief introduction explains the capacity of smartphones to protect a user’s privacy and the availability of circumvention tools against state initiated blocking. A case study researches the relationships and associations between the level of the telecommunications market development, the wealth of a country, user proficiency, the affordability of mobile technology, the level of user tolerance of state-implemented content censorship, and similar privacy threats.
Similar content being viewed by others
Notes
Example of UK legislation in this area includes the Mobile Telephones (Re-programming) Act 2002 http://www.legislation.gov.uk/ukpga/2002/31/section/1 (last accessed 14-May-2013).
An approved list of acceptable devices for a company enables CYOD—Chose Your Own Device.
In November 2014 Sony Entertainment was hacked and large volumes of commercial and personal data were stolen Invalid source specified along with embarrassing emails of senior employees.
A false-negative is when content is not blocked by the filter when it should be blocked.
A false-positive is when content which should not be blocked but is blocked by the filter. Since the positive result is incorrect it is called a false-positive.
Hillary Rodham Clinton, US Secretary of State, The Newseum, Washington, DC, January 21, 2010. Available at http://www.state.gov/secretary/rm/2010/01/135519.htm.
References
3GPP: International Mobile station Equipment Identities (IMEI) (Release 9) (2009). Retrieved May 2013, from 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects: http://www.3gpp.org/ftp/Specs/archive/22_series/22.016/22016-900.zip
Acquisti, A., Friedman, A., Telang, R.: Is there a cost to privacy breaches? An event study. In: International Conference on Information Systems ICIS (2006). Paper 94. AIS Electronic Library (AISeL)
Adams, A., Sasse, M.: Taming the wolf in sheep’s clothing: privacy in multimedia communications. In: Proceedings of the Seventh ACM International Conference on Multimedia (Part 1), pp. 101–107. ACM, New York (1999)
Banuri, H., Alam, M., Khan, S., Manzoor, J., Ali, B., Khan, Y., et al.: An Android runtime security policy enforcement framework. Pers. Ubiquitous Comput. 16(6), 631–641 (2012)
BBC News: Sony pays up to $8m over employees’ hacked data (2015, October). Retrieved from BBC News: http://www.bbc.com/news/business-34589710
Beckett, P.: BYOD—popular and problematic. Netw. Secur. 2014(9), 7–9 (2014)
Bellens, R., Vlassenroot, S., Verstraeten, D., Guatama, S.: Collecting and processing of crowd behaviour data by the use of cell phone data. In: 18th World Congress on Intelligent Transport Systems (ITS World 2011) Keeping the Economy Moving, Ghent, Belgium (2011)
Bellotti, V., Sellen, A.: Design for privacy in ubiquitous computing environments. In: Proceedings of the Third European Conference on Computer-Supported Cooperative Work, ECSCW’93, 13–17 September 1993, pp. 77–92. Springer, Milan (1993)
Bencie, L.: Among Enemies: Counter-Espionage for the Business Traveler. D. Street Books, Mountain Lake Press, Mountain Lake Park (2013)
Birnhack, M.: The EU data protection directive: an engine of a global regime. Comput. Law Secur. Rev. 24(6), 508–520 (2008)
Bury, S., Ishmael, J., Race, N.J., Smith, P.: Designing for social interaction with mundane technologies: issues of security and trust. Pers. Ubiquitous Comput. 14(3), 227–236 (2010)
Callanan, C., Dries-Ziekenheiner, H., Escudero-Pascual, A., Guerra, R.: Leaping over the Firewall: A Review of Censorship Circumvention Tools. Freedom House, Washington (2011)
Cisco: Cisco 2014 Annual Security Report (2014, January). Retrieved July 10, 2017, from Cisco: http://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf
Cisco: Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN (2014, July 7). Retrieved July 10, 2017, from Cisco: http://www.cisco.com/c/en/us/about/security-center/lawful-interception-3gpp.html
Council of Europe: Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108). Council of Europe, Strasbourg (1981)
Dingledine, R., Mathewson, N., Syverson, P.: Tor: The Second-Generation Onion Router. Naval Research Lab., Washington (2004)
Disterer, G., Kliener, C.: BYOD bring your own device. Proc. Technol. 9, 43–53 (2013)
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 235–245. ACM, Chicago (2009)
European Commission: 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued. Brussels (2000)
European Court of Human Rights: Reference for a preliminary ruling from High Court of Ireland (Ireland) made on 25 July 2014—Maximillian Schrems v Data Protection Commissioner, Strasbourg (2015)
Felt, A., Egelman, S., Wager, D.: I’ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns. In: Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 33–44. ACM, Raleigh (2012)
Fleizach, C., Liljenstam, M., Johansson, P., Voelker, G., Mehes, A.: Can you infect me now?: malware propagation in mobile phone networks. In: Proceedings of the 2007 ACM Workshop on Recurring Malcode WORM’07, pp. 61–68. ACM, Alexandria (2007)
Forbes Magazine: How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did (2012, Feb 16). Retrieved from Forbes Technology: http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/
FreedomHouse: Freedom on the Net 2013, FreedomHouse, Washington (2013)
Gebauer, J., Shaw, M.: Success factors and impacts of mobile business applications: results from a mobile e-procurement study. Int. J. Electron. Commer. 8(3), 19–42 (2004)
Grace, M., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: Riskranker: scalable and accurate zero-day Android malware detection. In: Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, MobiSys’12, pp. 281–294. ACM, Low Wood Bay (2012)
GSMA: GSM Association Specification for A5/3—Technical Specification (2000). Retrieved May 2013, from 3GPP: http://www.3gpp.org/ftp/tsg_sa/wg3_security/tsgs3_13_yokohama/docs/pdf/s3-000362.pdf
GSMA: IMEI Allocation and Approval Guidelines (2011, Jul 27). Retrieved May 2013, from GSMA: http://www.gsma.com/newsroom/wp-content/uploads/2012/03/ts0660tacallocationprocessapproved.pdf
Hallinan, D., Friedewald, M., McCarthy, P.: Citizens’ perceptions of data protection and privacy in Europe. Comput. Law Secur. Rev. 28, 263–272 (2012)
Hansen, F.: Consumer choice behavior: a cognitive theory. In: F. Hansen, Consumer Choice Behavior: A Cognitive Theory, pp. 493–538. Free Press, New York (1972)
Internet Society: Internet Society 2013 Annual Report (2013, December 15). Retrieved July 11, 2017, from Internet Society: https://www.internetsociety.org/publications/internet-society-2013-annual-report
Internet Society: Global Internet Report 2015 (2015). Retrieved Nov 20, 2017, from Internet Society: https://www.internetsociety.org/globalinternetreport/2015/
ITU Broadband Commission for Digital Development: Why National Broadband Plans Matter—Broadband Commission (2013, July). Retrieved July 10, 2017, from ITU Broadband Commission for Digital Development: www.broadbandcommission.org/documents/reportNBP2013.pdf
ITU Broadband Commission for Digital Development: A 2013 report—Broadband Commission (2013, September). Retrieved July 10, 2017, from ITU Broadband Commission for Digital Development: www.broadbandcommission.org/documents/bb-annualreport2013.pdf
ITU: Measuring the Information Society 2012 (2012). Retrieved July 12, 2017, from ITU: https://www.itu.int/en/ITU-D/Statistics/Documents/publications/mis2012/MIS2012_without_Annex_4.pdf
ITU: Measuring the Information Society Report 2013 (2013, October 7). Retrieved July 11, 2017, from ITU: http://www.itu.int/en/ITU-D/Statistics/Pages/publications/mis2013.aspx
Jamaluddin, J., Zotou, N., Edwards, R., Coulton, P.: Mobile phone vulnerabilities: a new generation of malware. In: Consumer Electronics 2004 IEEE International Symposium, pp. 199–202. IEEE, New York (2004).
Joinson, A., Reips, U., Buchanan, T., Schofield, C.: Privacy, trust, and self-disclosure online. Hum.-Comput. Interact. 25(1), 1–24 (2010)
Kargl, F., Lawrence, E., Fischer, M., Lim, Y.Y.: Security, privacy and legal issues in pervasive eHealth monitoring systems. In: 7th International Conference on Mobile Business, pp. 296–304 (2008)
Kingpin, K., Mudge, M.: Security analysis of the palm operating system and its weaknesses against malicious code threats. In: Proceedings of the 10th Conference on USENIX Security Symposium, 10, pp. 1–18. USENIX Association, Washington (2001)
Kravets, D.: U.N. Report Declares Internet Access a Human Right (2011, June 3). Retrieved July 11, 2017, from Wired: https://www.wired.com/2011/06/internet-a-human-right/
Liang, T., Yeh, Y.: Effect of use contexts on the continuous use of mobile services: the case of mobile games. Pers. Ubiquitous Comput. 15(2), 187–196 (2011)
Lo, C., Chen, Y.: Secure communication mechanisms for GSM networks. IEEE Trans. Consum. Electron. 45(4), 1074–1080 (1999)
Maitland, C., Thomas, H., Tchouakeu, L.: Internet censorship circumvention technology use in human rights organizations: an exploratory analysis. J. Inf. Technol. 27(4), 285–300 (2012)
Microsoft: Microsoft’s PhotoDNA: Protecting children and businesses in the cloud (2015, Jul 15). Retrieved Oct 2017, from Microsoft Digital Cybercrime Center: https://news.microsoft.com/features/microsofts-photodna-protecting-children-and-businesses-in-the-cloud/
Mylonas, A., Dritsas, S., Tsoumas, B., Gritzalis, D.: Smartphone security evaluation the malware attack case. In: 2011 Proceedings of the International Conference Security and Cryptography, SECRYPT, pp. 25–36. IEEE, Seville (2011)
Mylonas, A., Kastania, A., Gritzalis, D.: Delegate the smartphone user? Security awareness in smartphone platforms. Comput. Secur. 34, 47–66 (2013)
Mylonas, A., Meletiadis, V., Mitrou, L., Gritzalis, D.: Smartphone sensor data as digital evidence. Comput. Secur. 38, 51–75 (2013)
Mylonas, A., Theoharidou, M., Gritzalis, D.: Assessing privacy risks in Android: a user-centric approach. In: International Workshop on Risk Assessment and Risk-Driven Testing, pp. 21–37. Springer, Istanbul (2013)
OpenNet Initiative (ONI): Research (2012, June). Retrieved July 11, 2017, from OpenNet Initiative (ONI): https://opennet.net/research
Price, B., Adam, K., Nuseibeh, B.: Keeping ubiquitous computing to yourself: a practical model for user control of privacy. Int. J. Hum.-Comput. Stud. 63(1), 228–253 (2005)
Reuters: Sony to pay up to $8 million in ‘Interview’ hacking lawsuit (2015, Oct 20). Retrieved from Reuters: http://www.reuters.com/article/2015/10/20/us-sony-cyberattack-lawsuit-idUSKCN0SE2JI20151020
Romer, H.: Best practices for BYOD security. Comput. Fraud Secur. 2014, 13–15 (2014)
Roskowski, S., Kolm, D., Ruf, M., Jaquet, J., Othmer, K.: Patent No. 7609650 B2, US (2009, October 27)
StatCounter: StatCounter GlobalStats (2012). Retrieved July 11, 2017, from StatCounter: http://gs.statcounter.com/
The New York Times: How Companies Learn Your Secrets (2012, Feb 16). Retrieved from The New York Times Magazine: http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?pagewanted=1&_r=2&hp
United Nations Humans Rights Council: Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue (2011, May 16). Retrieved July 11, 2017, from United Nations: http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf
US Federal Bureau of Investigation: Safety and Security for the Business Professional Traveling Abroad (2017, July 11). Retrieved July 11, 2017, from US Federal Bureau of Investigation: https://www.fbi.gov/file-repository/business-travel-brochure.pdf/view
Van Leeuwen, D.: Bring your own software. Netw. Secur. 2014(3), 12–13 (2014)
Variety: Sony Ex-Employees File Amended Class Action Suit Over Hacking Attack (2015, March 3). Retrieved from Variety: http://variety.com/2015/biz/news/sony-hack-scandal-lawsuit-1201445372/
Vlassenroot, S., Gillis, D., Bellens, R., Gautama, S.: The use of smartphone applications in the collection of travel behaviour data. Int. J. Intell. Transp. Syst. Res. 13(1), 17–27 (2015)
Wang, Y., Streff, K., Raman, S.: Security threats and analysis of security challenges in smartphones. Computer 45(12), 52–58 (2012)
Wong, R.: Data protection: the future of privacy. Comput. Law Secur. Rev. 27(1), 53–57 (2011)
Wustrow, E., Wolchok, S., Goldberg, I., Halderman, J.: Telex: anticensorship in the network infrastructure. In: 20th USENIX Security Symposium, pp. 459–474. The USENIX Association, San Francisco (2011)
Yan, Z., Liu, C., Niemi, V., Yu, G.: Exploring the impact of trust information visualization on mobile application usage. Pers. Ubiquitous Comput. 17(6), 1295–1313 (2013)
Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets. In: 19th Annual Network & Distributed System Security Symposium, 25, pp. 2017–2023. ISOC, San Diego (2012)
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Callanan, C., Jerman-Blažič, B. Privacy risks with smartphone technologies when using the mobile Internet. ERA Forum 20, 471–489 (2020). https://doi.org/10.1007/s12027-019-00572-y
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12027-019-00572-y