Your phone knows more about you than you think. It knows where you’ve been and who you were with, the birthday gift you bought your mother and who you plan to vote for.
From pre-installed apps that count your steps to saved passwords for banking accounts and social media, smartphones have evolved from devices that make calls into digital repositories for the most intimate details of life.
“You can extract enough information on a typical person’s phone that you can construct a virtual clone of that individual,” said Elad Yoran, executive chairman of Koolspan Inc., a communications security company. “They are the windows not just into our personal lives but they are equally the windows into our professional lives.”
And, as the Federal Bureau of Investigation’s battle with Apple Inc. shows, they have become a goldmine for investigators. The agency has won a court order demanding Apple’s help unlocking an iPhone used by Syed Rizwan Farook, who shot scores of co-workers at an office event in San Bernardino, California, in December, killing 14.
Apple is fighting the order, mounting a highly public case against what it calls government overreach and in defense of privacy. It warns that anything it does to override the encryption of its smartphones could help hackers.
“There’s probably more information about you on your phone than there is in your house,” Apple chief executive Tim Cook told ABC News last week. “Our smartphones are loaded with our intimate conversations, our financial data, our health records. They’re also loaded with the location of our kids in many cases.”
The world’s 7.3 billion people now have an estimated 3.4 billion smartphones. That’s expected to climb to 6.4 billion by 2021, according to communications company Telefonaktiebolaget LM Ericsson. The phones are powerful, processing more information faster than the computers NASA used to put humans on the moon.
That’s permitted them to perform a stunning array of functions and collect troves of data. There’s a record of calls made and received, text messages, photos, contact lists, calendar entries, Internet browsing history and notes, as well as access to e-mail accounts, banking institutions and websites like Amazon, Facebook, Twitter and Netflix, said Koolspan’s Yoran.
Many people instruct their phones to remember passwords for these apps so they can be quickly opened — which means they are available to anyone who gets into the phone. That reveals your taste in films, shopping habits and relationships.
Some new phones come pre-loaded with a health app that automatically tracks how many steps a user takes. Others can be downloaded to pinpoint a person’s location using GPS coordinates or reveal political leanings and food preferences.
Navigation programs can serve as a record of places visited. If you use a friend finder app, the phone will know where your friends or family members are or have been.
Moreover, smartphones quietly collect data about a user and share it with others, said Andrew Blaich, lead security analyst for Bluebox Security, which helps secure apps. For example, the phone communicates with its telecommunications service provider and its manufacturer for software updates, while apps talk back to developers, Blaich said.
“Applications in general write a lot of data to their local storage. This data includes user names and passwords and it could include credit card numbers,” he said. “If an attacker were to be able to get into your phone and get access to this data they could basically impersonate you. A lot of this information is stored unencrypted on the device.” Other apps distribute information about your use of them to advertisers.
Most users don’t realize the extent to which their phone is connected to the outside world because accounts stay automatically logged in, said Mike Murray, vice president of security research for mobile security company Lookout Inc.
Phones can reveal company secrets, too. Murray said many Fortune 500 companies have a mobile phone app allowing employees to connect to networks over a virtual private network.
All of that data can be valuable to police. FBI Director James Comey told lawmakers last week that Farook’s phone could help solve the mystery of where he was for 18 minutes after the rampage. Despite scouring security cameras and interviewing witnesses, agents can’t account for where he and his wife went before they were spotted by police in a rented SUV, chased and slain in a gun battle.
Comey said he is sensitive to the need for privacy. Yorgen Edholm, chief executive officer of cybersecurity company Accellion Inc., said the ability to track, impersonate and even manipulate someone through a smartphone shows the need to be vigilant about security and cautious of overreach by the government.
“I call it the cyborg device because it’s so connected to us,” Edholm said. “If the government wanted a decryption key for me, it would be my smartphone.”