Onavo Data Shrinking App May Pose Privacy Concerns

Onavo Privacy

Yesterday TechCrunch author Roi Carthy hailed a new app that he claims is a “must-have” for every iPhone data user: Onavo, a data shrinking app for iOS. But the obvious potential privacy issues with Onavo went right over his head.

Carthy goes so far as to suggest Onavo is “the very first app one should install” on an iPhone because of its remarkable ability to shrink your data and save you money on your wireless data bill.

But is there a catch to using Onavo? Yes.

Onavo Privacy

While Onavo’s ability to shrink your data is certainly impressive, remember that if something is too good to be true, it probably is, and Onavo is no exception.

Onavo iPhone Data Shrinking App

While Onavo does a fantastic job of shrinking your data — my own tests showed that Onavo reduced my data usage as much as 75 percent in some apps — it comes at a cost.

There is no monetary cost to using Onavo, as it is currently free, but you use Onavo at the expense of your privacy. To use Onavo requires you to route all of your data and personal information through a proxy so that it can be compressed.

Are you prepared to trust that Onavo, a previously unheard-of company, will handle all of the information you manage on your iPhone — your mail, your passwords, your credit card numbers — in a secure and responsible manner?

Although Onavo states in its privacy policy that it “will not store any content that you upload or download, such as message text, filled-in forms, and data that a website retrieved,” there nevertheless remain privacy concerns with Onavo.

Onavo still reserves the right to use certain “data in a manner that is attributable to you for a period of 6 months and will anonymize the data thereafter.” And they “may also share personally identifiable information with companies or organizations connected, or affiliated with Onavo, such as subsidiaries, sister-companies and parent companies.”

Given the recent outrage over Apple’s use of location data, you would expect iPhone users to be similarly concerned about sharing so much of their personal information with a small, relatively unknown company like Onavo.

Are you willing to trust Onavo with all of your important data?

Update May 1, 2011: Dvir Reznik, head of marketing at Onavo, replies in the comments: “We take our user’s privacy very seriously and store only the bare minimum necessary to support the service – all aggregated and anonymized. This is so that the app can report your savings, app usage, etc. We do not store any content such as messages, passwords, etc. Additionally, any sensitive content that is encrypted (HTTPS) can not and will not be processed by Onavo.”

The Truth About the Apple Location Tracking Scandal

There’s been a fuss in the blogosphere in the last 24 hours about an Apple location tracking scandal after the O’Reilly Radar alleged that Apple is intentionally gathering your iOS location data.

However, it was not until 7:45 a.m. the morning after the scandal broke that O’Reilly clarified that there is no evidence to suggest this data is leaving your custody. Due to this glaring omission in the original story, many people around the web have misunderstood the gravity of the situation and are calling this iPhone location tracking discovery a privacy scandal.

Here’s why the location tracking scandal is likely overblown:

  1. As noted above, it should be emphasized that your personal location file is being stored on your computer, and your computer alone. Apple is not collecting your personalized location data and storing it on their servers.
  2. While Apple does collect some location data from iPhone users, this data is collected anonymously and in a way that “does not personally identify you,” according to Apple’s privacy policy.
  3. Apple Location TrackingAlthough your iPhone location data is stored on your computer by default, apps can only access this location data if you opt in to location tracking.

    Recall that location-based apps prompt you with a notification that asks you if you would like to harness your location — to which you may reply “OK” or “Don’t Allow.”

  4. You can turn Location Services off entirely in Settings >> General >> Location Services. Update: Apparently, disabling location services does not stop your iPhone from tracking your location.
  5. Location data is not perfectly precise. After tracking my location history with the free iPhone Tracker app, it appears the iPhone may be merely tracking the nearby cell towers that are used to pinpoint your location.

My iPhone Location Data

Here is an overview of my locations in the last year, as stored on my computer. You can download the iPhone Tracker app to see a map of your own location history.

iPhone Location Tracker

Yes, it can be shocking to see this map and you might naturally elicit a knee-jerk reaction for fear that Apple is building a Big Brother-esque database of individual iPhone users’ locations. However, there is simply no evidence that Apple is storing these personalized maps on their own servers, despite that it is building a database with some broader location data.

Wired notes that the reason Apple collects anonymized location data was explained in a letter last year by Apple’s general counsel Bruce Sewell: “Apple must be able to determine quickly and precisely where a device is located. To do this, Apple maintains a secure database containing information regarding known locations of cell towers and Wi-Fi access points.”

Nevertheless, it would not hurt for Apple to respond to these privacy concerns once again and better clarify its privacy position. What is just as worrisome as Apple storing your location data is a malicious person having access to your location file on your computer in the event that your computer is stolen.

Are you concerned about the Apple location tracking scandal? Feel free to share your opinion in the comments.

6 iPhone Privacy Issues You Should Be Concerned About

Have you noticed the iPhone gradually embedding itself into every facet of your life? I use my iPhone to:

  • plan out my days
  • track my personal budget
  • exchange emails, phone calls, text messages, photos, videos, voice recordings, etc., with anyone
  • broadcast my location via Google Latitude and other location sharing services

Yet considering how much we use the iPhone to map out our personal lives, the unfortunate truth is that Apple’s iPhone is weak on privacy.

Some Improvements

Yes, Apple has addressed a couple of our privacy concerns with the iPhone.

  1. You now have the option to turn off SMS preview, a feature that displays an excerpt of incoming text messages, causing potentially humiliating situations.
  2. Also, you can now delete individual text messages on iPhone, whereas originally your only choice was to delete all messages from any given contact.

Top 6 iPhone Privacy Issues

While the above are certainly improvements, there is still a lot left to be desired in terms of privacy on the iPhone. Below are 6 iPhone privacy issues that you may not be aware of, but should be. Give them a look and decide whether it is still worth it for you to own or buy an iPhone.

Consider:

  1. iPhone Passcode Lock

    iPhone’s Passcode Lock can be hacked. In September of 2008, Jonathan Zdziarski broadcast a webcast showing the world how to hack into an iPhone that is guarded by a Passcode Lock (which you can toggle in Settings >> General >> Passcode Lock).

    The webcast on how to break a Passcode Lock was intended in part for law enforcement officers, but it can also teach thieves how to mine the data from iPhones they have stolen. If you have information in your iPhone that you consider absolutely private, you should know that intruders can easily crack your iPhone’s Passcode Lock.

    Besides the Passcode Lock preventing people from entering your iPhone, individual apps from the App Store sometimes have Passcode Locks, like the Balance app, which I use to track my budget.

  2. iPhone screenshot

    iPhone stores screenshots of your activities. To produce that shrinking effect that happens to your window whenever you press the home button, your iPhone takes a picture of your screen. It stores a copy of the most recent screenshot and then supposedly deletes it. But according to Wired, “anyone who understands data is aware that in most cases, deletion does not permanently remove files from a storage device. Therefore, forensics experts have used this security flaw to gather evidence against criminals convicted of rape, murder or drug deals, Zdziarski said.”

    The knowledge on how to dig up the screenshots from someone’s iPhone can certainly be used by law enforcement in the interests of society, but intruders with malicious intent can see your activity just as easily.

  3. AT&T does not protect your privacy. The sole authorized iPhone carrier in the United States assisted the National Security Agency in its illegal wiretapping scheme and was granted immunity from prosecution after the scandal was exposed.

    Yes, many mobile phones other than iPhone run on AT&T, but with iPhone you are transmitting much more personal data than you would on a more basic phone. If you’re an iPhone user in the US, it’s worth considering that AT&T cooperated with the NSA’s widespread wiretapping… some AT&T customers have left because of it.

    iPhone wiretapping

  4. iPhone embeds your location into photos. By default, photos you take on an iPhone 3G or 3G S are “geotagged” with the location where they were taken. Your latitude and longitude are recorded in your photos’ EXIF data based on a signal from iPhone’s GPS or possibly from cellular and WiFi triangulation.

    iPhone geotag in EXIF data

    My iPhone 3G used to ask me if it could use my “Current Location” when I would turn on the camera. Now my 3G S geotags my photos by default. To change how the iPhone uses your location, go to Settings >> General and toggle Location Services.

  5. iPhone does not let you lock down individual apps. Although the iPhone’s Passcode Lock can be hacked, as mentioned above, it would still be nice to be able to set a Passcode for just certain apps, like Messages, Email, and Notes, for example.
  6. iPhone text message preview

    iPhone has no option to hide the names of people who send you text messages. This concern was noted in the comments of my post How Has iPhone’s SMS Preview Gotten You Into Trouble?. There’s a big debate in that thread about whether people who care about text message privacy are just a bunch of adulterers, but I tend to believe people’s privacy motivations are their own business and if you want the option to hide names of text message senders, you should have it.

Worried About Your Privacy on iPhone?

There’s no question Apple needs to increase security on the iPhone. Some of these privacy issues require taking a hard look at the iPhone’s core software, but others are options that could simply be added to iPhone’s Restrictions in Settings >> General >> Restrictions.

What do you think? What are your privacy concerns about the iPhone? Please sound off in the comments and tell Apple why you want the iPhone to be more secure.

iPhone 3.0: Now With Text Message Privacy

iPhone 3.0 SMS privacy

One of the problems I used to complain about most was iPhone’s “SMS Preview” feature, which prompted you with an excerpt of any incoming text message you received. You can imagine — or maybe you’ve actually experienced — the awkwardness when a raunchy text message from your significant other pops up on your screen while a relative or coworker is using your iPhone.

SMS Preview and the lack of text message privacy on the iPhone caused embarrassment for a lot of my readers, who left comments about inappropriate text messages popping up on their screens at the worst times — pretty funny, you should go read them.

After TWO YEARS of complaining about this extremely irritating issue, Apple has finally heard our pleas and given us the option in iPhone 3.0 to turn off SMS Preview for incoming text messages.

Just go to Settings >> Messages to turn SMS Preview on or off. That’s it, no more unnecessary text message drama.

Update: Mark writes,

I do not agree that this solves the problem. I actually think Apple needed one more SMS privacy preferences option to completely suppress pop ups for text messages, don’t you? Complete suppression of text messages would be I don’t get any popups about any text messages if desired.

I agree. I noted this as a concern in my post 6 iPhone Privacy Issues You Should Be Concerned About.

Set SMS Privacy Levels With the Kate App [Jailbreak Required]

iPhone SMS Privacy

Update: The SMS Preview privacy issue is now resolved as of the iPhone 3.0 software update.

SMS Preview — the iPhone feature that interrupts what you’re doing to display an excerpt of an incoming text message on your screen — has been a privacy concern of mine since the iPhone was released last June. Now RiP Dev, a third-party development team, has released a solution.

Read more

How Has iPhone’s SMS Preview Gotten You Into Trouble?

iPhone text privacy

Update: The SMS Preview privacy issue is now resolved as of the iPhone 3.0 software update.

In my iPhone review last June, I pointed out a big privacy concern I had about iPhone’s SMS application: namely, the inability to turn off SMS Preview, which interrupts whatever you’re doing when you receive a text message and displays an excerpt of the message content on your screen.

As you can imagine, this can create an awkward situation when you receive a private text message and someone else is using your iPhone.

Read more