Protecting user data in the post-PC era

Summary: Turn the current security model on its head.


'A stitch in time saves nine.'

'Look before you leap.'

'Prevention is better than cure.'

As we move from an era dominated by the PC into the post-PC era, we're increasingly turning our backs on desktop systems in favor of smaller, more personal devices such as smartphones and tablets. These personalized devices encourage us to store and carry with us more and more sensitive information so that we have it close at hand 24/7, but a negative side-effect of this is that it creates a treasure trove of data that installed apps (rogue or otherwise) can plunder without our direct knowledge or consent.

Many ideas and mechanisms have been put forward as to how best to deal with this problem, but in my opinion they're doomed to failure because, just like the existing permissions model found in the Android OS, they seem to rely on users making an informed choice. Bottom line, you can't rely on users to make an informed choice.

The security model is worse for Apple's iOS. There you have control over some data that's sent to third parties (such as location data), but no control whatsoever over other data.

As I see it, there are two issues that make it easy for data such as contact information to be plundered from smartphones and tablets:

  • Unlike PCs, where information can be stored all over the place, data is stored in known places on portable devices
  • Permission models are so open that there's either no obstacle to accessing the data (like on iOS), or you can almost guarantee that users will give the app permission to access the data (like on Android)

Combine this ease of access to the data with the fact that this sort of data is valuable for those who want to data mine it, and it's no wonder that apps are lifting user information and whisking it away to their servers.

Given the wide range of potentially sensitive information people keep stored in their electronic devices, it now seems unthinkable to me that the apps you install onto your smartphone or tablet have such easy access to stored information. On a PC, an application that decided to go snooping through your hard drive, sending back to the mothership anything interesting it found, would be considered to be malware, but on portable devices some companies seem to think that this behavior is acceptable, until they're caught out, at which point they come out with a lame apology.

Bottom line, it's far too easy for apps to go rummaging through your contacts list and grab whatever they want. There's only one way to stop it from happening, and that's to change the defaults.

What do I mean by this? I mean turn the current security model on its head. Start by placing a default block on all apps accessing personal information stored on a smartphone or tablet. In fact, go as far as to quarantine the data. Better still, encrypt it. Then, if an app wants access to specific data, inform the user in clear terms what granting the app the desired permissions means. Then, if the user still wants to grant an app access to their data, make the process more involved than just clicking a box.

This would send a message to developers telling them that limitless, covert access to stored user data is no longer a default. At best, they're going to have to work to get access to it, and at worst, they're not going to get access to any of it. Take away the expectation, and most developers will give up on the idea of data harvesting.

Apple, by virtue of tightly controlling what APIs developers can use, could easily go one step further and show users exactly what data an app is accessing and what would be transmitted from the iPhone or iPad by that app. This would be a level of transparency that I think would put most companies off the idea of plundering users' address books and contacts.

Users have the right to make sure their data is protected from plundering by third parties. Now it's time for Apple and Google to put mechanisms in place to make that happen.
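The model proposed above (default block, a grant step more involved than a checkbox, and a user-visible record of what each app read) can be sketched as a small broker. This is an added example, not code from the article or from any mobile OS; `ContactBroker`, its methods, the typed-confirmation step and the sample contacts are all hypothetical, and encryption at rest is left out.

```python
class AccessDenied(Exception):
    pass

class ContactBroker:
    """Sits between apps and the contact store; apps never read the store directly."""

    def __init__(self, contacts):
        self._contacts = contacts
        self._grants = {}   # app_id -> set of fields the user approved
        self.audit = []     # (app_id, outcome, fields), viewable by the user

    def grant(self, app_id, fields, typed_confirmation):
        # Deliberately more than a checkbox: the user must type the app's name.
        if typed_confirmation != app_id:
            self.audit.append((app_id, "GRANT_REJECTED", sorted(fields)))
            return False
        self._grants.setdefault(app_id, set()).update(fields)
        self.audit.append((app_id, "GRANTED", sorted(fields)))
        return True

    def read(self, app_id, fields):
        # Default is deny: an app with no grant has an empty allowed set.
        missing = set(fields) - self._grants.get(app_id, set())
        if missing:
            self.audit.append((app_id, "DENIED", sorted(missing)))
            raise AccessDenied(f"{app_id} has no grant for {sorted(missing)}")
        self.audit.append((app_id, "READ", sorted(fields)))
        # Hand back only the approved fields, never whole records.
        return [{f: c[f] for f in fields} for c in self._contacts]

    def report(self, app_id):
        """Transparency view: everything this app asked for and what happened."""
        return [entry for entry in self.audit if entry[0] == app_id]

# Constructed sample data.
SAMPLE_CONTACTS = [
    {"name": "Alice Example", "phone": "555-0100", "email": "alice@example.com"},
    {"name": "Bob Example", "phone": "555-0101", "email": "bob@example.com"},
]

def demo():
    broker = ContactBroker(SAMPLE_CONTACTS)
    app = "PhotoShareApp"  # hypothetical app name
    try:
        broker.read(app, ["name", "email"])   # no grant yet, so blocked
    except AccessDenied:
        pass
    broker.grant(app, ["name"], typed_confirmation=app)
    return broker.read(app, ["name"]), broker.report(app)
```
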


  • Post-PC era?

    Since that's quite some time away, it sounds like they'll have plenty of time to figure out ways to safeguard it.
    William Farrel
    • RE: Protecting user data in the post-PC era

      @William Farrel -

      Given previous paradigms were not exactly thought out well, including the current internet we all enjoy (ID theft, fraud, etc), I sincerely doubt these upcoming paradigms have had any thought put into them.

      And they started with the iPhone and iPad. How many articles of "PWN2OWN proves i___ is not secure", amongst others, will prove fundamental flaws remain? They can still be jailbroken... and even unjailbroken phones can be hacked...

      People are putting in too much blind faith, for the perception of "cutting costs". The only thing being cut is the life support system's power plug...
  • RE: Protecting user data in the post-PC era

    The biggest problem with apps is permissions are usually an all-or-nothing thing - if you want to use the app, you MUST agree to allow it whatever permissions it wants. You do not have a menu of choices about what it can and cannot access. THAT is the fix in my opinion - allow users to dictate what the app can and cannot do at a much more granular level. Thus the developers will have to rethink what they are asking for and decide if they will allow the app to run with restricted permissions. And having all permissions denied first is a better starting point.
  • RE: Protecting user data in the post-PC era

    "Post-PC" isn't here yet, but it's good to know a concerted market influence is helping to shape it.
  • RE: Protecting user data in the post-PC era

    Post-PC: what did you write on, your god aka Jobs' iPad or your iPhone? And have you looked at what the FBI said about your god aka Jobs? But thank you for your insight on gaming PCs.