There's a lot of debate taking place on how to guarantee online privacy -- but few user-ready solutions. Michael Kassner talks to Ashkan Soltani about a new tool called MobileScope that may change that.
Online privacy is a major concern, and the focus of considerable effort by security experts -- including Ashkan Soltani. Today, I'm interviewing Ashkan as he'd like to share news about a new privacy platform.
Before getting to his news, I wanted to ask Ashkan about his part in the Wall Street Journal's "What They Know" investigative series -- several articles focused on mobile-device privacy concerns.
Kassner: Ashkan, you helped the Wall Street Journal test several mobile-device apps to determine what information they collected. The test results are uniquely displayed in an interactive tool depicted below. In the example, the Dictionary.com app is sending the phone's ID number to Google/DoubleClick.
Why is sending information to third-party vendors like Google/DoubleClick a bad thing?
Soltani: First off, most users probably do not realize their information is being transmitted to third parties -- who they've never heard of or had a relationship with. Since there's little transparency on these platforms, it's unlikely anyone would know.
Second, these third parties often receive extremely sensitive information, such as your precise location information (latitude/longitude) and your device identifier, which is persistent for the life of your device and can often be tied to your actual identity.
Most of the platforms do provide some notice that an application is accessing your location information. However, you still have no idea what third parties besides the app developer actually receive this information. I actually discuss this at length in my Senate testimony.
MobileScope
Kassner: Ashkan. You, Dave Campbell (founder of Electric Alchemy), and Aldo Cortesi (security consultant) created MobileScope as a way to preserve online privacy. What are your expectations for MobileScope?
Soltani: We built MobileScope as a proof-of-concept tool that automates much of what we were doing manually: monitoring mobile devices for surprising traffic and highlighting potentially privacy-revealing flows. The graphic below is third-party application traffic, viewed via Collusion.
Unlike PCs, we have little control over the underlying privacy and security features of our mobile devices. They come pre-installed with locked-down operating systems that often restrict their owners from exercising meaningful control unless they're willing to void their warranty and jailbreak the device.
Our current plans are to release MobileScope in the coming weeks and allow interested consumers, developers, regulators, and press to see what information their mobile devices can transmit.
We also experimented with "privacy control" tools to demonstrate how you can filter out certain activities and regain control over your privacy; eventually adding SSL Certificate Pinning, HTTPS Everywhere, AdBlock Plus, Do Not Track headers, and data blocking/spoofing -- similar to Google Sharing.
We haven't thought much beyond that. There are a few possibilities including building a central application-reputation database or a hosted "privacy protecting service" for consumers.
Kassner: In this Wall Street Journal video, you mentioned that MobileScope is flexible enough to block specific permissions. Up until I heard that, the only option I knew of was to not load the app. Do I understand correctly?
Soltani: Yes, that's right. We modeled it after projects like Google Sharing, allowing users to block or even "spoof" transmission of their sensitive information such as email address, UDID, or location information. We can restrict location transmission only to certain geographic areas, similar to Flickr's privacy geo-fencing feature.
Kassner: Also in the video, you mentioned a side benefit of MobileScope is reducing unwanted data usage. It seems advertising uses a significant amount. How much are we talking about?
Soltani: We added this feature right at the end and in quick tests it appeared that five to ten percent of your mobile traffic could be construed as ad-related content. This isn't a huge deal until you consider how mobile data plans are increasingly including "data caps."
You can view what portion of your traffic is ad content, or block ads completely using an AdBlock Tracking Protection List.
Kassner: I'm not a big fan of free apps and their advertising, but I know several app developers. Isn't MobileScope going to adversely affect them?
Soltani: Well, I think it's about creating an environment where the value exchange is apparent to the user. It's one thing to say "Hey, this app is free." It's another to realize by using an app, you're revealing sensitive information to unknown third parties, plus paying for all the underlying ad traffic.
I think as this ecosystem evolves, we need to come up with ways where the underlying value exchange is clearly understood by all parties.
Kassner: I was surprised to hear you mention, "The amount of tracking on paid apps was as much as unpaid apps." I and many others were under the assumption if we paid for the app, that was not the case. Would you provide more details on what you have found?
Soltani: We actually tested paid and unpaid versions of the same apps in the original Wall Street Journal "What They Know" apps story. For the most part, there was no significant privacy benefit to using the paid version, as the paid apps included the same third-party ad or analytic libraries and transmitted information to those parties.
This seems contrary to the common belief that "if the app is free, you're the product being sold." In our findings, that was not the case.
Kassner: I recently wrote about TaintDroid, a mobile-device app similar to MobileScope. It also monitors what information leaves the mobile device. But TaintDroid requires the mobile device to be rooted. I did not hear any mention of that requirement for MobileScope. How is MobileScope set up?
Soltani: MobileScope is not installed on the mobile device. Think of MobileScope as a portal or a proxy server. You sign up on a web site and the portal runs in the background. You use an app and the portal watches what the app does, reporting on what information is sent and where. It also can restrict what is sent.
Kassner: When will we be able to start using MobileScope?
Soltani: We're looking to release a limited beta by the end of May. Here is a signup page if you want to be part of the pre-release.
I asked one final question of Ashkan: With your intense regard for personal privacy, what do you say to people who don't care if their contact information is sent to third-party ad networks? His response: "I'm working on why they should care right now. That's another interview."
I wanted to congratulate Aldo, Ashkan, and Dave. MobileScope won the Wall Street Journal's 2012 Data Transparency Award. And thank you Ashkan for your dedication and help with this article.