Thursday, 23 February 2017

What your phone LEAKS about you

What your phone LEAKS about you

Here we revealed what personal info is shared by your browser. In part two, Robert Irvine looks at the privacy hole in your pocket


If you’re holding your phone


Here’s an experiment: place your phone on a flat surface, then launch your mobile browser and visit the website What Every Browser Knows About You (webkay.robinlinus.com). Swipe down the page to the Gyroscope section and the site will tell you: “Your Device is probably laying on a Table”. Now, pick up your phone and the text will instantly change to say: “Your Device is probably in your Hands”.

Spooky, eh? Well, not really, when you consider that most smartphones have a built-in compass (or gyroscope) that shares your device’s orientation with the web so you can accurately use services such as Google Maps. Unless you can hold your phone completely still, the ultra-sensitive compass sensor will reveal that your phone is not immobile.

How to plug the leak

You can’t disable the compass on your phone, but you can stop your mobile browser leaking your device’s orientation and info about your operating system and hardware by turning off JavaScript. For example, in Chrome for Android, tap the three-dot menu button, choose Settings and tap ‘Site settings’. Select JavaScript and set the slider to Blocked. You can add exceptions for sites that require JavaScript to display properly.

Everywhere you’ve been


Although your phone has many legitimate reasons for sharing your location – such as getting directions, checking the weather and geo-tagging photos – you may feel less comfortable that it stores details of every place you go. Apple says this is “to learn places that are significant to you and provide you with personalised services”, while Google claims it “helps you get better results and recommendations across Google products”. Both companies insist that you’re in control of this data, but it still feels like your every move is being stalked.

To see what your Android phone leaks about your travels, launch Google Maps, open the main menu and tap ‘Your timeline’. Here, you’ll find a list and a map of all the places you’ve been over the past day, week, month and beyond, as well as the distance covered and even whether you were walking, driving or on public transport.

On your iPhone, go to Settings, Privacy, Location Services, System Services and tap Frequent Locations to see the places you’ve visited recently and most often.

How to plug the leak

To erase Google Maps data for a specific day, open the menu in the top-right corner of your timeline and choose ‘Delete day’. For a more thorough wipe, select Settings and tap ‘Delete all Location History’, then set Location History to Off.

On iOS, tap Clear History and switch off Frequent Locations.

Things that you’re interested in


Adverts that appear on your phone aren’t merely annoying, they can also be creepy – seeming to know what you’ve been looking at and even where you are. This is because both Google and Apple build an advertising profile of you, based on the things they think you like, the places you go and your estimated age, gender, parental status, income and more. This data is then shared with Android and iOS apps, so they can target you accordingly and convince you to tap their ads. It’s like having a spy in your pocket, constantly reporting back to advertisers.

How to plug the leak

To stop personalised ads on Android, find the Google Settings app – on some phones you tap Google within the standard Settings app. Select Ads, then choose ‘Opt out of Ads Personalisation’ and tap ‘Reset advertising ID’ to clear your profile.

On iOS, go to Settings, Privacy, Advertising and tap Limit Ad Tracking and Reset Advertising Identifier. You can also turn off location-based advertising in Privacy, Location Services, System Services.

Changing these settings won’t stop adverts altogether, but it will prevent them from tracking you.

Where your photos were taken


All digital cameras record EXIF (Exchangeable Image File) data, which stores various details such as when a picture was taken, the ISO speed and the aperture. But phones go a step further by including the location, too. This makes it easy to browse photos taken in the same place, and saves you tagging them manually, but if you share your snaps online it could compromise your privacy. For example, a selfie shot in your bedroom could show a stranger – and a potential burglar – where you live.

How to plug the leak

Some photo-sharing services, including Facebook and Instagram, automatically strip the EXIF data from the images you upload. But if you’re sharing to Google Photos, Flickr or other big names, be aware that you may be leaking your location. The easiest way to stop this happening in Android is to go to Settings, Location and switch the slider to Off (although this also prevents other apps from knowing where you are).

In iOS, go to Settings, Privacy, Location Services, Camera and set Allow Location Access to Never.

Which Wi-Fi networks you use


Free Wi-Fi is everywhere these days, so it might not concern you that your Android phone stores and shares the names of wireless networks you’ve connected to – after all, it makes reconnecting much faster. The trouble is that hackers can easily create spoof Wi-Fi hotspots that harvest this information and use it to pinpoint exactly where you’ve been: from your home address to the hotel where you’re staying or your favourite coffee shop. This leaves you vulnerable to ‘man-in-the-middle’ attacks that steal your personal data when you connect to one of your regular networks. It can even affect supposedly encrypted connections.

How to plug the leak

The first precaution you should take is not to leave your Wi-Fi turned on all the time, because this means that your phone is constantly scanning for – and leaking the details of – networks you’ve used before. Second, you can install a free app called Wi-Fi Privacy Police (bit.ly/wifi417), which prevents your phone from sending out the names of Wi-Fi hotspots, so no-one can see which you’ve used and where. The app also stops you blindly connecting to dubious, unknown access points that are masquerading as genuine, well-known ones.

WHICH APPS CAN’T YOU TRUST?


As of Android 6 (Marshmallow), Google has made app permissions easier to control. To check there’s nothing dodgy already lurking on your device, run a scan with MyPermissions Privacy Cleaner (bit.ly/perm417), which tells you which apps pose a threat to your personal information. Suspicious permissions include ‘Modify your contacts’, ‘Use your precise location’, ‘Draw over other apps on your behalf’, ‘Control Near Field Communication (NFC)’ and ‘Read your text messages’, although some sound scarier than they actually are.

There’s an iOS version of MyPermissions (bit.ly/permios417), although this focuses more on unsafe privacy settings across social networks. Note that some features in the Android app, such as editing permissions, are only available in the paid-for edition.