ERA Forum

pp 1–19 | Cite as

Privacy risks with smartphone technologies when using the mobile Internet

  • Cormac CallananEmail author
  • Borka Jerman-Blažič


This paper presents the results of a study about privacy risks when communicating and using the mobile Internet. For a better understanding of the wider issues a brief introduction explains the capacity of smartphones to protect a user’s privacy and the availability of circumvention tools against state initiated blocking. A case study researches the relationships and associations between the level of the telecommunications market development, the wealth of a country, user proficiency, the affordability of mobile technology, the level of user tolerance of state-implemented content censorship, and similar privacy threats.


Mobile Internet Privacy risks Users Level of development 



  1. 1.
    3GPP: International Mobile station Equipment Identities (IMEI) (Release 9) (2009). Retrieved May 2013, from 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects:
  2. 2.
    Acquisti, A., Friedman, A., Telang, R.: Is there a cost to privacy breaches? An event study. In: International Conference on Information Systems ICIS (2006). Paper 94. AIS Electronic Library (AISeL) Google Scholar
  3. 3.
    Adams, A., Sasse, M.: Taming the wolf in sheep’s clothing: privacy in multimedia communications. In: Proceedings of the Seventh ACM International Conference on Multimedia (Part 1), pp. 101–107. ACM, New York (1999) CrossRefGoogle Scholar
  4. 4.
    Banuri, H., Alam, M., Khan, S., Manzoor, J., Ali, B., Khan, Y., et al.: An Android runtime security policy enforcement framework. Pers. Ubiquitous Comput. 16(6), 631–641 (2012) CrossRefGoogle Scholar
  5. 5.
    BBC News: Sony pays up to $8m over employees’ hacked data (2015, October). Retrieved from BBC News:
  6. 6.
    Beckett, P.: BYOD—popular and problematic. Netw. Secur. 2014(9), 7–9 (2014) CrossRefGoogle Scholar
  7. 7.
    Bellens, R., Vlassenroot, S., Verstraeten, D., Guatama, S.: Collecting and processing of crowd behaviour data by the use of cell phone data. In: 18th World Congress on Intelligent Transport Systems (ITS World 2011) Keeping the Economy Moving, Ghent, Belgium (2011) Google Scholar
  8. 8.
    Bellotti, V., Sellen, A.: Design for privacy in ubiquitous computing environments. In: Proceedings of the Third European Conference on Computer-Supported Cooperative Work, ECSCW’93, 13–17 September 1993, pp. 77–92. Springer, Milan (1993) Google Scholar
  9. 9.
    Bencie, L.: Among Enemies: Counter-Espionage for the Business Traveler. D. Street Books, Mountain Lake Press, Mountain Lake Park (2013) Google Scholar
  10. 10.
    Birnhack, M.: The EU data protection directive: an engine of a global regime. Comput. Law Secur. Rev. 24(6), 508–520 (2008) CrossRefGoogle Scholar
  11. 11.
    Bury, S., Ishmael, J., Race, N.J., Smith, P.: Designing for social interaction with mundane technologies: issues of security and trust. Pers. Ubiquitous Comput. 14(3), 227–236 (2010) CrossRefGoogle Scholar
  12. 12.
    Callanan, C., Dries-Ziekenheiner, H., Escudero-Pascual, A., Guerra, R.: Leaping over the Firewall: A Review of Censorship Circumvention Tools. Freedom House, Washington (2011) Google Scholar
  13. 13.
    Cisco: Cisco 2014 Annual Security Report (2014, January). Retrieved July 10, 2017, from Cisco:
  14. 14.
    Cisco: Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN (2014, July 7). Retrieved July 10, 2017, from Cisco:
  15. 15.
    Council of Europe: Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108). Council of Europe, Strasbourg (1981) Google Scholar
  16. 16.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The Second-Generation Onion Router. Naval Research Lab., Washington (2004) CrossRefGoogle Scholar
  17. 17.
    Disterer, G., Kliener, C.: BYOD bring your own device. Proc. Technol. 9, 43–53 (2013) CrossRefGoogle Scholar
  18. 18.
    Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 235–245. ACM, Chicago (2009) Google Scholar
  19. 19.
    European Commission: 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued. Brussels (2000) Google Scholar
  20. 20.
    European Court of Human Rights: Reference for a preliminary ruling from High Court of Ireland (Ireland) made on 25 July 2014—Maximillian Schrems v Data Protection Commissioner, Strasbourg (2015) Google Scholar
  21. 21.
    Felt, A., Egelman, S., Wager, D.: I’ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns. In: Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 33–44. ACM, Raleigh (2012) Google Scholar
  22. 22.
    Fleizach, C., Liljenstam, M., Johansson, P., Voelker, G., Mehes, A.: Can you infect me now?: malware propagation in mobile phone networks. In: Proceedings of the 2007 ACM Workshop on Recurring Malcode WORM’07, pp. 61–68. ACM, Alexandria (2007) CrossRefGoogle Scholar
  23. 23.
    Forbes Magazine: How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did (2012, Feb 16). Retrieved from Forbes Technology:
  24. 24.
    FreedomHouse: Freedom on the Net 2013, FreedomHouse, Washington (2013) Google Scholar
  25. 25.
    Gebauer, J., Shaw, M.: Success factors and impacts of mobile business applications: results from a mobile e-procurement study. Int. J. Electron. Commer. 8(3), 19–42 (2004) CrossRefGoogle Scholar
  26. 26.
    Grace, M., Zhou, Y., Zhang, Q., Zou, S., Jiang, X.: Riskranker: scalable and accurate zero-day Android malware detection. In: Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, MobiSys’12, pp. 281–294. ACM, Low Wood Bay (2012) Google Scholar
  27. 27.
    GSMA: GSM Association Specification for A5/3—Technical Specification (2000). Retrieved May 2013, from 3GPP:
  28. 28.
    GSMA: IMEI Allocation and Approval Guidelines (2011, Jul 27). Retrieved May 2013, from GSMA:
  29. 29.
    Hallinan, D., Friedewald, M., McCarthy, P.: Citizens’ perceptions of data protection and privacy in Europe. Comput. Law Secur. Rev. 28, 263–272 (2012) CrossRefGoogle Scholar
  30. 30.
    Hansen, F.: Consumer choice behavior: a cognitive theory. In: F. Hansen, Consumer Choice Behavior: A Cognitive Theory, pp. 493–538. Free Press, New York (1972) Google Scholar
  31. 31.
    Internet Society: Internet Society 2013 Annual Report (2013, December 15). Retrieved July 11, 2017, from Internet Society:
  32. 32.
    Internet Society: Global Internet Report 2015 (2015). Retrieved Nov 20, 2017, from Internet Society:
  33. 33.
    ITU Broadband Commission for Digital Development: Why National Broadband Plans Matter—Broadband Commission (2013, July). Retrieved July 10, 2017, from ITU Broadband Commission for Digital Development:
  34. 34.
    ITU Broadband Commission for Digital Development: A 2013 report—Broadband Commission (2013, September). Retrieved July 10, 2017, from ITU Broadband Commission for Digital Development:
  35. 35.
    ITU: Measuring the Information Society 2012 (2012). Retrieved July 12, 2017, from ITU:
  36. 36.
    ITU: Measuring the Information Society Report 2013 (2013, October 7). Retrieved July 11, 2017, from ITU:
  37. 37.
    Jamaluddin, J., Zotou, N., Edwards, R., Coulton, P.: Mobile phone vulnerabilities: a new generation of malware. In: Consumer Electronics 2004 IEEE International Symposium, pp. 199–202. IEEE, New York (2004). CrossRefGoogle Scholar
  38. 38.
    Joinson, A., Reips, U., Buchanan, T., Schofield, C.: Privacy, trust, and self-disclosure online. Hum.-Comput. Interact. 25(1), 1–24 (2010) CrossRefGoogle Scholar
  39. 39.
    Kargl, F., Lawrence, E., Fischer, M., Lim, Y.Y.: Security, privacy and legal issues in pervasive eHealth monitoring systems. In: 7th International Conference on Mobile Business, pp. 296–304 (2008) Google Scholar
  40. 40.
    Kingpin, K., Mudge, M.: Security analysis of the palm operating system and its weaknesses against malicious code threats. In: Proceedings of the 10th Conference on USENIX Security Symposium, 10, pp. 1–18. USENIX Association, Washington (2001) Google Scholar
  41. 41.
    Kravets, D.: U.N. Report Declares Internet Access a Human Right (2011, June 3). Retrieved July 11, 2017, from Wired:
  42. 42.
    Liang, T., Yeh, Y.: Effect of use contexts on the continuous use of mobile services: the case of mobile games. Pers. Ubiquitous Comput. 15(2), 187–196 (2011) CrossRefGoogle Scholar
  43. 43.
    Lo, C., Chen, Y.: Secure communication mechanisms for GSM networks. IEEE Trans. Consum. Electron. 45(4), 1074–1080 (1999) CrossRefGoogle Scholar
  44. 44.
    Maitland, C., Thomas, H., Tchouakeu, L.: Internet censorship circumvention technology use in human rights organizations: an exploratory analysis. J. Inf. Technol. 27(4), 285–300 (2012) CrossRefGoogle Scholar
  45. 45.
    Microsoft: Microsoft’s PhotoDNA: Protecting children and businesses in the cloud (2015, Jul 15). Retrieved Oct 2017, from Microsoft Digital Cybercrime Center:
  46. 46.
    Mylonas, A., Dritsas, S., Tsoumas, B., Gritzalis, D.: Smartphone security evaluation the malware attack case. In: 2011 Proceedings of the International Conference Security and Cryptography, SECRYPT, pp. 25–36. IEEE, Seville (2011) Google Scholar
  47. 47.
    Mylonas, A., Kastania, A., Gritzalis, D.: Delegate the smartphone user? Security awareness in smartphone platforms. Comput. Secur. 34, 47–66 (2013) CrossRefGoogle Scholar
  48. 48.
    Mylonas, A., Meletiadis, V., Mitrou, L., Gritzalis, D.: Smartphone sensor data as digital evidence. Comput. Secur. 38, 51–75 (2013) CrossRefGoogle Scholar
  49. 49.
    Mylonas, A., Theoharidou, M., Gritzalis, D.: Assessing privacy risks in Android: a user-centric approach. In: International Workshop on Risk Assessment and Risk-Driven Testing, pp. 21–37. Springer, Istanbul (2013) Google Scholar
  50. 50.
    OpenNet Initiative (ONI): Research (2012, June). Retrieved July 11, 2017, from OpenNet Initiative (ONI):
  51. 51.
    Price, B., Adam, K., Nuseibeh, B.: Keeping ubiquitous computing to yourself: a practical model for user control of privacy. Int. J. Hum.-Comput. Stud. 63(1), 228–253 (2005) CrossRefGoogle Scholar
  52. 52.
    Reuters: Sony to pay up to $8 million in ‘Interview’ hacking lawsuit (2015, Oct 20). Retrieved from Reuters:
  53. 53.
    Romer, H.: Best practices for BYOD security. Comput. Fraud Secur. 2014, 13–15 (2014) CrossRefGoogle Scholar
  54. 54.
    Roskowski, S., Kolm, D., Ruf, M., Jaquet, J., Othmer, K.: Patent No. 7609650 B2, US (2009, October 27) Google Scholar
  55. 55.
    StatCounter: StatCounter GlobalStats (2012). Retrieved July 11, 2017, from StatCounter:
  56. 56.
    The New York Times: How Companies Learn Your Secrets (2012, Feb 16). Retrieved from The New York Times Magazine:
  57. 57.
    United Nations Humans Rights Council: Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue (2011, May 16). Retrieved July 11, 2017, from United Nations:
  58. 58.
    US Federal Bureau of Investigation: Safety and Security for the Business Professional Traveling Abroad (2017, July 11). Retrieved July 11, 2017, from US Federal Bureau of Investigation:
  59. 59.
    Van Leeuwen, D.: Bring your own software. Netw. Secur. 2014(3), 12–13 (2014) CrossRefGoogle Scholar
  60. 60.
    Variety: Sony Ex-Employees File Amended Class Action Suit Over Hacking Attack (2015, March 3). Retrieved from Variety:
  61. 61.
    Vlassenroot, S., Gillis, D., Bellens, R., Gautama, S.: The use of smartphone applications in the collection of travel behaviour data. Int. J. Intell. Transp. Syst. Res. 13(1), 17–27 (2015) Google Scholar
  62. 62.
    Wang, Y., Streff, K., Raman, S.: Security threats and analysis of security challenges in smartphones. Computer 45(12), 52–58 (2012) CrossRefGoogle Scholar
  63. 63.
    Wong, R.: Data protection: the future of privacy. Comput. Law Secur. Rev. 27(1), 53–57 (2011) CrossRefGoogle Scholar
  64. 64.
    Wustrow, E., Wolchok, S., Goldberg, I., Halderman, J.: Telex: anticensorship in the network infrastructure. In: 20th USENIX Security Symposium, pp. 459–474. The USENIX Association, San Francisco (2011) Google Scholar
  65. 65.
    Yan, Z., Liu, C., Niemi, V., Yu, G.: Exploring the impact of trust information visualization on mobile application usage. Pers. Ubiquitous Comput. 17(6), 1295–1313 (2013) CrossRefGoogle Scholar
  66. 66.
    Zhou, Y., Wang, Z., Zhou, W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets. In: 19th Annual Network & Distributed System Security Symposium, 25, pp. 2017–2023. ISOC, San Diego (2012) Google Scholar

Copyright information

© Europäische Rechtsakademie (ERA) 2019

Authors and Affiliations

  1. 1.Aconite Internet SolutionsDublinIreland
  2. 2.Faculty of EconomicsUniversity of LjubljanaLjubljanaSlovenia
  3. 3.Jožef Stefan InstituteLjubljanaSlovenia

Personalised recommendations