Skip to main content
SpringerLink
Log in

Privacy risks with smartphone technologies when using the mobile Internet

  • Article
  • Published:
ERA Forum Aims and scope

Abstract

This paper presents the results of a study about privacy risks when communicating and using the mobile Internet. For a better understanding of the wider issues a brief introduction explains the capacity of smartphones to protect a user’s privacy and the availability of circumvention tools against state initiated blocking. A case study researches the relationships and associations between the level of the telecommunications market development, the wealth of a country, user proficiency, the affordability of mobile technology, the level of user tolerance of state-implemented content censorship, and similar privacy threats.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

Notes

  1. Example of UK legislation in this area includes the Mobile Telephones (Re-programming) Act 2002 http://www.legislation.gov.uk/ukpga/2002/31/section/1 (last accessed 14-May-2013).

  2. An approved list of acceptable devices for a company enables CYOD—Chose Your Own Device.

  3. In November 2014 Sony Entertainment was hacked and large volumes of commercial and personal data were stolen Invalid source specified along with embarrassing emails of senior employees.

  4. A false-negative is when content is not blocked by the filter when it should be blocked.

  5. A false-positive is when content which should not be blocked but is blocked by the filter. Since the positive result is incorrect it is called a false-positive.

  6. Hillary Rodham Clinton, US Secretary of State, The Newseum, Washington, DC, January 21, 2010. Available at http://www.state.gov/secretary/rm/2010/01/135519.htm.

References

  1. 3GPP: International Mobile station Equipment Identities (IMEI) (Release 9) (2009). Retrieved May 2013, from 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects: http://www.3gpp.org/ftp/Specs/archive/22_series/22.016/22016-900.zip

  2. Acquisti, A., Friedman, A., Telang, R.: Is there a cost to privacy breaches? An event study. In: International Conference on Information Systems ICIS (2006). Paper 94. AIS Electronic Library (AISeL)

    Google Scholar 

  3. Adams, A., Sasse, M.: Taming the wolf in sheep’s clothing: privacy in multimedia communications. In: Proceedings of the Seventh ACM International Conference on Multimedia (Part 1), pp. 101–107. ACM, New York (1999)

    Chapter  Google Scholar 

  4. Banuri, H., Alam, M., Khan, S., Manzoor, J., Ali, B., Khan, Y., et al.: An Android runtime security policy enforcement framework. Pers. Ubiquitous Comput. 16(6), 631–641 (2012)

    Article  Google Scholar 

  5. BBC News: Sony pays up to $8m over employees’ hacked data (2015, October). Retrieved from BBC News: http://www.bbc.com/news/business-34589710

  6. Beckett, P.: BYOD—popular and problematic. Netw. Secur. 2014(9), 7–9 (2014)

    Article  Google Scholar 

  7. Bellens, R., Vlassenroot, S., Verstraeten, D., Guatama, S.: Collecting and processing of crowd behaviour data by the use of cell phone data. In: 18th World Congress on Intelligent Transport Systems (ITS World 2011) Keeping the Economy Moving, Ghent, Belgium (2011)

    Google Scholar 

  8. Bellotti, V., Sellen, A.: Design for privacy in ubiquitous computing environments. In: Proceedings of the Third European Conference on Computer-Supported Cooperative Work, ECSCW’93, 13–17 September 1993, pp. 77–92. Springer, Milan (1993)

    Google Scholar 

  9. Bencie, L.: Among Enemies: Counter-Espionage for the Business Traveler. D. Street Books, Mountain Lake Press, Mountain Lake Park (2013)

    Google Scholar 

  10. Birnhack, M.: The EU data protection directive: an engine of a global regime. Comput. Law Secur. Rev. 24(6), 508–520 (2008)

    Article  Google Scholar 

  11. Bury, S., Ishmael, J., Race, N.J., Smith, P.: Designing for social interaction with mundane technologies: issues of security and trust. Pers. Ubiquitous Comput. 14(3), 227–236 (2010)

    Article  Google Scholar 

  12. Callanan, C., Dries-Ziekenheiner, H., Escudero-Pascual, A., Guerra, R.: Leaping over the Firewall: A Review of Censorship Circumvention Tools. Freedom House, Washington (2011)

    Google Scholar 

  13. Cisco: Cisco 2014 Annual Security Report (2014, January). Retrieved July 10, 2017, from Cisco: http://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf

  14. Cisco: Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN (2014, July 7). Retrieved July 10, 2017, from Cisco: http://www.cisco.com/c/en/us/about/security-center/lawful-interception-3gpp.html

  15. Council of Europe: Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108). Council of Europe, Strasbourg (1981)

  16. Dingledine, R., Mathewson, N., Syverson, P.: Tor: The Second-Generation Onion Router. Naval Research Lab., Washington (2004)

    Book  Google Scholar 

  17. Disterer, G., Kliener, C.: BYOD bring your own device. Proc. Technol. 9, 43–53 (2013)

    Article  Google Scholar 

  18. Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 235–245. ACM, Chicago (2009)

    Google Scholar 

  19. European Commission: 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued. Brussels (2000)

  20. European Court of Human Rights: Reference for a preliminary ruling from High Court of Ireland (Ireland) made on 25 July 2014—Maximillian Schrems v Data Protection Commissioner, Strasbourg (2015)

  21. Felt, A., Egelman, S., Wager, D.: I’ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns. In: Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 33–44. ACM, Raleigh (2012)

    Google Scholar 

  22. Fleizach, C., Liljenstam, M., Johansson, P., Voelker, G., Mehes, A.: Can you infect me now?: malware propagation in mobile phone networks. In: Proceedings of the 2007 ACM Workshop on Recurring Malcode WORM’07, pp. 61–68. ACM, Alexandria (2007)

    Chapter  Google Scholar 

  23. Forbes Magazine: How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did (2012, Feb 16). Retrieved from Forbes Technology: http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/

  24. FreedomHouse: Freedom on the Net 2013, FreedomHouse, Washington (2013)

  25. Gebauer, J., Shaw, M.: Success factors and impacts of mobile business applications: results from a mobile e-procurement study. Int. J. Electron. Commer. 8(3), 19–42 (2004)

    Article  Google Scholar 

  26. Grace, M., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: Riskranker: scalable and accurate zero-day Android malware detection. In: Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, MobiSys’12, pp. 281–294. ACM, Low Wood Bay (2012)

    Google Scholar 

  27. GSMA: GSM Association Specification for A5/3—Technical Specification (2000). Retrieved May 2013, from 3GPP: http://www.3gpp.org/ftp/tsg_sa/wg3_security/tsgs3_13_yokohama/docs/pdf/s3-000362.pdf

  28. GSMA: IMEI Allocation and Approval Guidelines (2011, Jul 27). Retrieved May 2013, from GSMA: http://www.gsma.com/newsroom/wp-content/uploads/2012/03/ts0660tacallocationprocessapproved.pdf

  29. Hallinan, D., Friedewald, M., McCarthy, P.: Citizens’ perceptions of data protection and privacy in Europe. Comput. Law Secur. Rev. 28, 263–272 (2012)

    Article  Google Scholar 

  30. Hansen, F.: Consumer choice behavior: a cognitive theory. In: F. Hansen, Consumer Choice Behavior: A Cognitive Theory, pp. 493–538. Free Press, New York (1972)

    Google Scholar 

  31. Internet Society: Internet Society 2013 Annual Report (2013, December 15). Retrieved July 11, 2017, from Internet Society: https://www.internetsociety.org/publications/internet-society-2013-annual-report

  32. Internet Society: Global Internet Report 2015 (2015). Retrieved Nov 20, 2017, from Internet Society: https://www.internetsociety.org/globalinternetreport/2015/

  33. ITU Broadband Commission for Digital Development: Why National Broadband Plans Matter—Broadband Commission (2013, July). Retrieved July 10, 2017, from ITU Broadband Commission for Digital Development: www.broadbandcommission.org/documents/reportNBP2013.pdf

  34. ITU Broadband Commission for Digital Development: A 2013 report—Broadband Commission (2013, September). Retrieved July 10, 2017, from ITU Broadband Commission for Digital Development: www.broadbandcommission.org/documents/bb-annualreport2013.pdf

  35. ITU: Measuring the Information Society 2012 (2012). Retrieved July 12, 2017, from ITU: https://www.itu.int/en/ITU-D/Statistics/Documents/publications/mis2012/MIS2012_without_Annex_4.pdf

  36. ITU: Measuring the Information Society Report 2013 (2013, October 7). Retrieved July 11, 2017, from ITU: http://www.itu.int/en/ITU-D/Statistics/Pages/publications/mis2013.aspx

  37. Jamaluddin, J., Zotou, N., Edwards, R., Coulton, P.: Mobile phone vulnerabilities: a new generation of malware. In: Consumer Electronics 2004 IEEE International Symposium, pp. 199–202. IEEE, New York (2004).

    Chapter  Google Scholar 

  38. Joinson, A., Reips, U., Buchanan, T., Schofield, C.: Privacy, trust, and self-disclosure online. Hum.-Comput. Interact. 25(1), 1–24 (2010)

    Article  Google Scholar 

  39. Kargl, F., Lawrence, E., Fischer, M., Lim, Y.Y.: Security, privacy and legal issues in pervasive eHealth monitoring systems. In: 7th International Conference on Mobile Business, pp. 296–304 (2008)

    Google Scholar 

  40. Kingpin, K., Mudge, M.: Security analysis of the palm operating system and its weaknesses against malicious code threats. In: Proceedings of the 10th Conference on USENIX Security Symposium, 10, pp. 1–18. USENIX Association, Washington (2001)

    Google Scholar 

  41. Kravets, D.: U.N. Report Declares Internet Access a Human Right (2011, June 3). Retrieved July 11, 2017, from Wired: https://www.wired.com/2011/06/internet-a-human-right/

  42. Liang, T., Yeh, Y.: Effect of use contexts on the continuous use of mobile services: the case of mobile games. Pers. Ubiquitous Comput. 15(2), 187–196 (2011)

    Article  Google Scholar 

  43. Lo, C., Chen, Y.: Secure communication mechanisms for GSM networks. IEEE Trans. Consum. Electron. 45(4), 1074–1080 (1999)

    Article  Google Scholar 

  44. Maitland, C., Thomas, H., Tchouakeu, L.: Internet censorship circumvention technology use in human rights organizations: an exploratory analysis. J. Inf. Technol. 27(4), 285–300 (2012)

    Article  Google Scholar 

  45. Microsoft: Microsoft’s PhotoDNA: Protecting children and businesses in the cloud (2015, Jul 15). Retrieved Oct 2017, from Microsoft Digital Cybercrime Center: https://news.microsoft.com/features/microsofts-photodna-protecting-children-and-businesses-in-the-cloud/

  46. Mylonas, A., Dritsas, S., Tsoumas, B., Gritzalis, D.: Smartphone security evaluation the malware attack case. In: 2011 Proceedings of the International Conference Security and Cryptography, SECRYPT, pp. 25–36. IEEE, Seville (2011)

    Google Scholar 

  47. Mylonas, A., Kastania, A., Gritzalis, D.: Delegate the smartphone user? Security awareness in smartphone platforms. Comput. Secur. 34, 47–66 (2013)

    Article  Google Scholar 

  48. Mylonas, A., Meletiadis, V., Mitrou, L., Gritzalis, D.: Smartphone sensor data as digital evidence. Comput. Secur. 38, 51–75 (2013)

    Article  Google Scholar 

  49. Mylonas, A., Theoharidou, M., Gritzalis, D.: Assessing privacy risks in Android: a user-centric approach. In: International Workshop on Risk Assessment and Risk-Driven Testing, pp. 21–37. Springer, Istanbul (2013)

    Google Scholar 

  50. OpenNet Initiative (ONI): Research (2012, June). Retrieved July 11, 2017, from OpenNet Initiative (ONI): https://opennet.net/research

  51. Price, B., Adam, K., Nuseibeh, B.: Keeping ubiquitous computing to yourself: a practical model for user control of privacy. Int. J. Hum.-Comput. Stud. 63(1), 228–253 (2005)

    Article  Google Scholar 

  52. Reuters: Sony to pay up to $8 million in ‘Interview’ hacking lawsuit (2015, Oct 20). Retrieved from Reuters: http://www.reuters.com/article/2015/10/20/us-sony-cyberattack-lawsuit-idUSKCN0SE2JI20151020

  53. Romer, H.: Best practices for BYOD security. Comput. Fraud Secur. 2014, 13–15 (2014)

    Article  Google Scholar 

  54. Roskowski, S., Kolm, D., Ruf, M., Jaquet, J., Othmer, K.: Patent No. 7609650 B2, US (2009, October 27)

  55. StatCounter: StatCounter GlobalStats (2012). Retrieved July 11, 2017, from StatCounter: http://gs.statcounter.com/

  56. The New York Times: How Companies Learn Your Secrets (2012, Feb 16). Retrieved from The New York Times Magazine: http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?pagewanted=1&_r=2&hp

  57. United Nations Humans Rights Council: Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue (2011, May 16). Retrieved July 11, 2017, from United Nations: http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf

  58. US Federal Bureau of Investigation: Safety and Security for the Business Professional Traveling Abroad (2017, July 11). Retrieved July 11, 2017, from US Federal Bureau of Investigation: https://www.fbi.gov/file-repository/business-travel-brochure.pdf/view

  59. Van Leeuwen, D.: Bring your own software. Netw. Secur. 2014(3), 12–13 (2014)

    Article  Google Scholar 

  60. Variety: Sony Ex-Employees File Amended Class Action Suit Over Hacking Attack (2015, March 3). Retrieved from Variety: http://variety.com/2015/biz/news/sony-hack-scandal-lawsuit-1201445372/

  61. Vlassenroot, S., Gillis, D., Bellens, R., Gautama, S.: The use of smartphone applications in the collection of travel behaviour data. Int. J. Intell. Transp. Syst. Res. 13(1), 17–27 (2015)

    Google Scholar 

  62. Wang, Y., Streff, K., Raman, S.: Security threats and analysis of security challenges in smartphones. Computer 45(12), 52–58 (2012)

    Article  Google Scholar 

  63. Wong, R.: Data protection: the future of privacy. Comput. Law Secur. Rev. 27(1), 53–57 (2011)

    Article  Google Scholar 

  64. Wustrow, E., Wolchok, S., Goldberg, I., Halderman, J.: Telex: anticensorship in the network infrastructure. In: 20th USENIX Security Symposium, pp. 459–474. The USENIX Association, San Francisco (2011)

    Google Scholar 

  65. Yan, Z., Liu, C., Niemi, V., Yu, G.: Exploring the impact of trust information visualization on mobile application usage. Pers. Ubiquitous Comput. 17(6), 1295–1313 (2013)

    Article  Google Scholar 

  66. Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets. In: 19th Annual Network & Distributed System Security Symposium, 25, pp. 2017–2023. ISOC, San Diego (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Aconite Internet Solutions, Dublin, Ireland

    Cormac Callanan

  2. Faculty of Economics, University of Ljubljana, Ljubljana, Slovenia

    Borka Jerman-Blažič

  3. Jožef Stefan Institute, Ljubljana, Slovenia

    Borka Jerman-Blažič

Authors
  1. Cormac Callanan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Borka Jerman-Blažič
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Cormac Callanan.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Callanan, C., Jerman-Blažič, B. Privacy risks with smartphone technologies when using the mobile Internet. ERA Forum 20, 471–489 (2020). https://doi.org/10.1007/s12027-019-00572-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12027-019-00572-y

Keywords

Search

Navigation