People with smartphones and tablets may be giving Apple and Android apps they download the permission to capture their geolocation data to know where they are, but security experts are making the strong argument to just say no instead -- and turn off that GPS function unless really needed.
"There's the privacy concern, maybe you don't want billions of people to know where you live," says Alan Brill, senior managing director, Kroll Advisory Solutions, who points out that smartphones with GPS chips today will embed geotagging information into the photo you upload to social-networking sites. It's fairly simple to use EXIF interpreter software that's freely available online to cull that geolocation data out of your photo, Brill says. In fact, this is happening today in military situations where adversaries watch for photos posted by the other side, he adds.
There are implications about GPS for businesses, too, according to Kroll, which recently sent out an advisory to its clientele on the topic. Regulatory agencies around the world, especially in Europe, are starting to consider whether geolocation information should be considered sensitive data. And that means that businesses that collect and store geolocation data as part of marketing campaigns will need to start regarding it as something that they one day may find carries a huge legal burden in the event of a data breach.
Brill says he's especially concerned about geotagging in photos when it comes to children and teens who frequently post photos online, not knowing that it likely is possible for strangers to figure out where they are. The device GPS function can be turned off, and in most cases, it probably should be, Brill recommends. GPS can help with getting road directions, but there are so many unexpected ways that personal GPS information is being collected today.
GFI Software this week came out with a report that described how apps created by the Barack Obama and Mitt Romney campaigns as outreach to potential voters are designed to be able to capture GPS information related to the user's device, among other personal information.
These Google Android and Apple iOS apps -- one is called "Mitt's VP" and the other "Obama for America" -- are both available through the official Apple and Android app stores and are intended to give the presidential campaigns a closer connection to potential voters. But according to Dodi Glenn, GFI's product manager for the VIPRE anti-malware consumer product line, both the Obama and Romney apps extend the ability to monitor and control the user's tablet or smartphone a little too far.
The Romney app is designed to give that campaign the ability to activate the device camera and turn on the audio like an open mike, Glenn points out. Both the Romney and Obama apps can read the user's contacts and upload them. And both can exploit GPS functions in devices with GPS chips. "Both have the ability to capture GPS data," he says.
Sign up for CIO Asia eNewsletters.