A Channel 4 News investigation in the UK has revealed that in a 24 hour period just one smartphone made 350,000 requests to 315 different servers and made 30,000 requests to 76 servers when otherwise sitting totally idle for 45 minutes. Oh, and then there was the location data being sent to advertising agencies based overseas, and handset ID data heading to various apps. In fact, the investigation simply reiterated the fact that an average smartphone will send out hundreds of thousands of pieces of information every day, giving away its location and unique identity.
Channel 4 News commissioned IT security outfit MWR InfoSecurity to build a black box recorder, codename 'Data Baby' in order to enable the project to monitor the personal information through a mobile phone belonging to a fictitious young woman living in London with a healthy social media life. Producer Geoff White explains: "On this occasion we wanted to look at how information is sent from mobile phones automatically to a variety of websites. We approached MWR InfoSecurity and asked them to build a data interceptor that would track what the phone was doing and then analyse the results."
The results will probably shock anyone who isn't active in the field of IT security and privacy, although those who are will just be nodding their heads in that knowing way. This isn't new news, as such, rather just confirmation of what we already know. Smartphones cannot but help to communicate, it's what they were created to do; what they choose to communicate and what we'd like them not to are separated by a chasm wider than that between the Democrats and Republicans over Obamacare.
"In a 24 hour period the phone sent and received 350,000 packets of information and was in contact with 350 servers across the world" White continues "every time we go online, we leave a digital trail in our wake. The websites we visit, products we browse and forms we fill out are all turned into code and stored on computers across the world – It's almost impossible for the average person to keep a track of their digital footprint. Channel 4 wanted to find out who was using this data, and how."
Data Baby, AKA Rebecca Taylor (two of the most common names in the UK) is a virtual persona with a very real Facebook page, Twitter account and life on the web. Unlike most folk, Data Baby could be followed and analysed in everything she did, because she is really just a laptop and a mobile phone with some clever hardware in-between. In order to gather and analyse the hundreds of thousands of mini-messages sent and received by the Data Baby's phone every day, Channel 4 News worked with MWR InfoSecurity to build the black box (similar to an aircraft flight recorder) which could intercept the data.
White says "The black box works only with the Data Baby's phone, storing the torrent of communications flowing to and from it to servers around the world. Even during a one-hour period when the phone was "idle" it sent more than 30,000 packets to 76 servers worldwide. The phone's exact location was sent to an advertising agency in the Ukraine, and its unique identifier was sent out half a dozen times to ad networks in the US."
"Smartphones have taken the use (and abuse) of our personal data to a whole new level" White insists "Always with us, always connected and usually running dozens of apps, our phones have massively increased the amount of information we send and receive every day." They have also added a whole new layer: location data. By knowing where its owner is, a phone can offer maps and other useful information. Yet it also allows our movements to be tracked by advertisers across the globe. Of course, some of the traffic is useful and required for the functionality of the phone itself and the apps installed upon it. However, there's no doubting that some is just there to serve the needs of advertisers. The problem being that these needs are being served without the knowledge, in the most part, of the user.
Rob Miller, security consultant at MWR InfoSecurity, said: “We are well aware of how mobile devices communicate with other servers but most users are not and they should be very careful about what permissions are given to applications. I am sure that most users would be shocked at the amount of information that is sent and received.”
Do you agree? Are you shocked by the traffic that Data baby has revealed, or do you accept it as part and parcel of the sacrifices made in the name of smartphone functionality and modern social mobility? Let us know by joining the conversation here at DaniWeb...