Google and Apple talk up security, but recent disclosures serve as a painful reminder of how much control mobile phone users give up when they power on their handsets.
The very nature of cloud-based software is that we're sharing our content with a remote server. Google, Apple, and other companies just reminded us of how much we trust our content security, but the writing has been on the wall for a while.
Consumers got a big wake-up call last spring when cloud-backup Dropbox claimed its content was more secure than it really was. The Federal Trade Commission caught Dropbox saying user content was inaccessible without the password when, in reality, Dropbox itself could access the content.
Dropbox, however, is a backup service, meaning that you have a primary memory space other than Dropbox. Your Dropbox content is likely on a home computer, laptop, or another device.
The security issue becomes more crucial with mobile.
How many users keep their address book on a server provided by Apple, Google, Microsoft, or RIM, the maker of the ubiquitous Blackberry? Phones may be packing more memory than ever, but the fragileness of mobile devices makes us more apt to access our precious data remotely as opposed to a memory card or the device itself.
Apple iCloud, Google Sync, and Microsoft Private Cloud are all capitalizing on our fear of losing mobile data.
Compared to home computers, phones also have more companies involved in the data processing chain, limiting users' ability to know who's accessing their information and, more importantly, what they're doing with it.
Take the example of Carrier IQ, the performance monitoring software installed on millions of phones. Last year, security expert Trevor Eckhart discovered the software was tracking everything you did with your phone, from web browsing to keystrokes. Worse, when the four major carriers were confronted, each had a different explanation for why the software was there and what they were doing with the sensitive information. As PC World's Jared Newman put it, we deserve a straight answer on Carrier IQ. Months later, it's still unclear how much damage was done by the software.
Too much control
Recent developments offer more evidence of mobile security issues.
According to The Wall Street Journal, Google successfully bypassed Apple's Safari's mobile security and tracked millions of iPhone, iPod, and iPad users (and, to a lesser extent, PC and Mac users). Google kept a web cookie hidden in an online ad, like the Google +1 button, and it would drop when the user pressed the icon. As PC World reported, the quiet cookie would live well beyond the 12 to 24 hours a regular cookie would survive and allow Google to get valuable user habit information.
Sign up for Computerworld eNewsletters.