Protection of mobile data: the CNIL and INRIA are interested in the behavior of applications

The National Commission for Information Technology and Liberties
(CNIL) and INRIA have been interested for a year in smartphones
like the iPhone, which are a constant companion and a real
pocket computer for managing daily life, getting information and being
entertained. Moreover, there are reportedly 24 million smartphones in
France.

As part of their "Mobilitics" project, these two
institutions looked at how applications behave with regard to
user data:

The CNIL and INRIA have created software capable of recovering and
analyzing the data used by applications on iOS.

Six people (members of the CNIL) with an iPhone therefore volunteered
so that the data exchanged, stored or even distributed could be observed
over a period of 3 months.

The data monitored concerned access to location, photos,
address book, phone identifiers, etc.

First observation: at the end of the test period, the CNIL had to analyze
no less than 9 GB of data, 7 million events and 41,000 geolocation
accesses (i.e. 76 per day) for a total of 189 applications.

So, 93% of applications request network access and
46% access the UDID (unique Apple identifier), even though
applications accessing the UDID will no longer be admitted as of May 1st.

For example, a daily newspaper's application accessed the unique
identifier 1989 times and transmitted it 614 times to the app publisher!

  

This data is also often communicated without the user's knowledge,
and the CNIL points out that the user must be able to access settings
that allow access to and possible dissemination of data to be limited.

The CNIL therefore asks for greater respect from developers or
publishers, along 4 main lines:

  • Application developers must take IT & Liberties issues into
    account through a privacy by design approach. The CNIL wishes to
    develop support for stakeholders to this end. Several Inria teams
    are working on the protection of privacy and the information
    society, and in particular on privacy by design
    systems/architectures.
  • Application stores must invent innovative ways of informing
    users and collecting consent. The current binary "take it or
    leave it" situation is not satisfactory.
  • The parameters and settings present in smartphone operating
    systems are insufficient. Finer control could be offered without
    degrading the user experience. As part of the Mobilitics project,
    the CNIL and Inria have developed, on an experimental basis, a
    demonstration of the settings that could be offered by the
    operating system supplier.
  • Third-party actors who provide services and tools to developers
    must collect only the necessary data and do so in complete
    transparency, towards the developer and consequently towards
    the end user.

The CNIL and Inria will continue their research as part of the
Mobilitics project, in particular on the other operating system suppliers
on the market, which will make it possible to monitor the progress made by
all the actors.

To be continued, then.

