DEV Community

Aspen James
Aspen James

Posted on

Phones Are Scary

Your cell phone may be tracking, logging, and reporting more than you ever expected. Most of us know that our phones can transmit a lot of data about who we are, where we are, and what we're doing. I thought I knew a fair amount about this, but the more I looked into this, the more I realized how much more is possible to collect from the sensors built into your phone. The fact is that as these technologies improve, so do the ways attackers can use these technologies to obtain information about you.

Before we get in to all of this, I want to address something. I'm going to talk about specific products and companies in this post, and that's because I think what they're doing is really cool. I am not sponsored nor do I gain any benefit from sharing this information. I think these things are important for everyone to know, and I'd rather give some potential solutions rather than just state problems, and there isn't a great way to do that without naming specific products.

That all sounds pretty ambiguous...

Ambiguity is lame, so let's look at a specific example: your accelerometer.

What does an accelerometer do? An accelerometer measures acceleration. This makes things like detecting the orientation of your phone possible, as well as detecting movements. Orientation and movements are extremely useful for navigation with a map application, and can enable some pretty cool features in some mobile games. This article from 2013 explains that your accelerometer data does not require your permission to collect and use (aka you won't see a pop-up asking if it's okay to use this data). Some fairly simple analysis on this data can get a good approximation of your PIN or pattern used to unlock your phone.

Even if you have GPS tracking disabled, pairing speed and direction data (from your accelerometer) along with detecting nearby WiFi access points (which your phone will do, even if you have location services turned off) can theoretically give a great estimate of your location as well.

For some added paranoia, check out this article which describes how your ambient light sensor (useful for adjusting your backlight, amongst other things) can be used to "fingerprint" a user. The article also talks about how it's theoretically possible to use this ambient light data to map out a building.

Sounds like some Tin Foil Hat stuff

I will concede that this all sounds like your run-of-the-mill "The Government is Watching Me" paranoia, but this is real and this is happening. Since so much of this data does not require explicit permissions, so much of your personal and identifying information can be collected by any number of organizations. The products and services you use are undoubtedly collecting your data and using it to drive profits in one way or another, and they are doing it without your explicit knowledge or permission. I'm okay with being perceived as wearing a tin foil hat - sometimes that's the cost of consciousness and concern for privacy.

What can I do?

While we can't always stop this data from being collected and used against our will, we can take steps to prevent this. One of the easiest things you can do is to use a VPN (Virtual Private Network). There are many advantages to using a VPN, as well as many factors to consider when choosing one. That list is too long for this short article, but some searching around can find you some good articles, comparisons, and a lot of opinions. I use Private Internet Access - it is easy to use and suits my needs, but I encourage you to shop around and find one that fits your needs.

Another line of defense is to get privacy-respecting hardware. Purism is a rad company that makes hardware that respects users' privacy and runs on free software. They have a line of laptops available now, as well as a phone that you can pre-order now. These devices feature "hardware kill switches" - physical switches that disconnect your camera, microphone, WiFi adapter, etc on a hardware level, meaning that there is physically no way to collect data from them. This blog post from their website goes into more detail the points I made above, as well as how their hardware and software solutions address these issues.

In short, try to find products that respect your privacy and security, and be aware of what sorts of data the companies whose products you use may be collecting from you. When in doubt, choose open source.

Top comments (2)

ondrejs profile image

Well, Android is open-source system. I'd also vote for Purism products, but the price is really high, and the Matrix which Purism use as they primary private communication channel has been recently breached link, so I stick with iPhone & Signal as my default setting.

aspenjames profile image
Aspen James

True true! But Android is owned by Google and includes so much of their bloatware and telemetry. Still pretty far from ideal in my opinion.

Purism is a bit highly priced, but I strongly believe in what they're doing, their values, and their product, so I'm willing to pay for it. Their work on PureOS, Phosh, and all other softwares that are making it possible for the Librem 5 to exist are all open source and pushed upstream, so the mobile phone OS climate may be shifting a bit!

iPhones are actually a lot more privacy-respecting than an Android based device, so that's a good choice for sure. I have personal qualms with Apple as a company, so I can't in good conscious support them.