Smartphones and smartphone apps have been collecting location data for years. In some situations, this type of data collection makes perfect sense. For example, Google Maps needs to know where you are to direct you to your destination, a perfectly legitimate reason to request location access.
Other applications - such as secure messaging apps - have less of a need for this type of data. For these apps, access to location data, while able to provide useful features, may also introduce security risks.
Last week, the Electronic Frontier Foundation (EFF) hosted a panel as part of its 30th anniversary Fireside Chat series. The panellists highlighted a growing trend of location data being accessed without consent. The EFF champions user privacy and encourages the protection of all forms of user data, including location data. The nonprofit organization works to ensure that location-based service providers obtain approval from their customers before sharing collected information with other companies.
Our team at Ciphr is very concerned about unauthorized data collection, and we believe everyone should own, control, and grant access to their own data. We applaud the EFF for its efforts to educate people on the evolving need for privacy with new digital technologies.
The sliding scale: evaluating whether apps require location data
Location data can be useful for various purposes, and it is vital for some applications. However, many other mobile apps collect this data for their own benefit rather than that of the user.
The need for location access in these cases ranges from vital to useful to unnecessary. Unnecessary requests to access location data - and other sensitive information - are why smartphone developers are pushing for app developers to inform their users how the application will use the collected data.
Apps like Google Maps require location access to provide directions to drivers, while many stores and restaurant chains will request location access to direct users to their nearest location. Apps may also request location access to provide more targeted and relevant advertising to users. For example, a supermarket chain may only want to advertise to users located in a region where it has stores.
The unintended consequences of location-based features
Even if location data is collected to create features that benefit the user, these features can still pose a risk to users.
Apps designed to provide a phone’s exact location, whether to a friend or as part of a “find my device” feature, can be helpful to a user. They can also give bad actors a way to access your location.
Some applications offer the ability to locate nearby friends or users of the application. While these apps are often designed to provide a vague estimation of a user’s location - in the name of protecting privacy - these protections can often be bypassed by triangulating the user’s location between a few devices. For messaging apps where scammers commonly use spoofed accounts, this functionality can be misused for hacking or locating specific individuals.
Smartphones commonly append time and location information to the photos they take, making it easy to remember where and when you took that vacation photo, for example. However, if these photos are shared on social media or similar platforms, they can reveal sensitive information. For instance, a photo of a backyard barbecue can enable anyone who can access the photo to learn your home address.
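One way to check a photo for embedded location before sharing it, as an added example that is not part of the original article: the Python below walks a JPEG's segments, reports whether its Exif block points at a GPS directory, and returns a copy with the Exif segments removed. The function names and the sample file are constructed for illustration, and only the standard JPEG/Exif layout is assumed.

```python
import struct

EXIF_MAGIC = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-directory

def walk(jpeg):
    """Return ([(marker, start, end), ...], offset where image data begins)."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    segs, pos = [], 2
    while pos + 4 <= len(jpeg) and jpeg[pos + 1] != 0xDA:  # 0xDA = start of scan
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if jpeg[pos] != 0xFF or length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("corrupt segment header")
        segs.append((jpeg[pos + 1], pos, pos + 2 + length))
        pos += 2 + length
    return segs, pos

def is_exif(jpeg, seg):
    return seg[0] == 0xE1 and jpeg[seg[1] + 4:seg[2]].startswith(EXIF_MAGIC)

def has_gps(jpeg):
    """True if any Exif segment's IFD0 carries a GPS directory pointer."""
    for seg in walk(jpeg)[0]:
        if not is_exif(jpeg, seg):
            continue
        tiff = jpeg[seg[1] + 10:seg[2]]  # skip marker, length and "Exif\0\0"
        order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if order is None or len(tiff) < 8:
            continue
        magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
        if magic != 42 or ifd0 + 2 > len(tiff):
            continue
        (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
        tags = [tiff[ifd0 + 2 + 12 * i:ifd0 + 4 + 12 * i] for i in range(count)]
        if struct.pack(order + "H", GPS_IFD_TAG) in tags:
            return True
    return False

def strip_exif(jpeg):
    """Copy the file without its Exif segments; image data is untouched."""
    segs, tail = walk(jpeg)
    kept = [jpeg[s[1]:s[2]] for s in segs if not is_exif(jpeg, s)]
    return b"\xff\xd8" + b"".join(kept) + jpeg[tail:]

# Constructed sample: SOI, JFIF header, Exif with one GPS pointer, empty scan, EOI.
sample_exif = (EXIF_MAGIC + b"II"
               + struct.pack("<HIHHHIII", 42, 8, 1, GPS_IFD_TAG, 4, 1, 26, 0) + bytes(6))
SAMPLE = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x02\x00\x00\x01\x00\x01\x00\x00\xff\xe1"
          + struct.pack(">H", len(sample_exif) + 2) + sample_exif + b"\xff\xda\x00\x02\xff\xd9")
```

Removing the whole Exif segment also drops the timestamp and camera details, which is usually what you want for a photo posted publicly.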
Location is a common factor when determining insurance rates, and other applications may consider this as well. Sharing location data may impact a user’s ability to receive certain goods or services.
Balancing functionality with user privacy and security
For some applications, collecting user location data makes sense. In general, these applications are ones where the user knowingly sacrifices the expectation of privacy for convenience, like Google Maps.
In other applications, location-based features run counter to the core objectives of the application. For example, a feature to find nearby friends makes sense in an app like Facebook where users have little expectation of privacy. In this case, being able to seek out nearby friends for a meetup is a significant benefit.
However, this same functionality doesn’t fit the mindset of a security-focused end-to-end encryption application. In a secure messaging app, the user is relying on the protections built into the app to ensure their privacy and security, which means that they might let their guard down. Adding features that can be used to lure a user into an unsafe situation can be dangerous.
When developing secure messaging apps, it is important to balance features and convenience with user safety and security. If a feature is “nice to have” but puts a user at risk, it isn’t a good choice for a secure messaging app. Ciphr - with our focus on security - carefully weighs the potential risks and implications of every feature before adding it to our applications.