Best Practices

Privacy in mobile operating systems

Vaibhav Antil
August 3, 2022

Privacy has been in the news for quite some time. With companies changing their privacy policies and fighting for access to data, consumers are beginning to feel like no one is looking out for them.

In the early days of smartphones, privacy was not a major concern for users. The available apps were limited, and most of them provided little value. This made people feel that they had nothing to hide.

However, as time went by, apps had more features and offered more services. They started sending data to their servers and collecting information about their users. This led to increased privacy concerns among users, who wanted to know how their data was being used.

The Android operating system is an open-source platform that allows for a lot of customization. Google has its own version of the OS, known as the Android Open Source Project (AOSP), which it uses on its own devices like the Pixel and Nexus phones.

It also offers to license AOSP to other manufacturers who want to use it in their products (and make some money). This is why you see Android on so many phones and tablets made by Samsung, LG, HTC, and more.

But even if you aren't using a Google-branded product, there's still a good chance that your smartphone was designed with privacy in mind — at least in theory.

In practice, however, things are not always so great. The current state of affairs is somewhat murky: companies collect data from their users in a number of different ways, and what they choose to do with it can vary wildly depending on each company's policies and practices.

Why is Privacy Important For Your Mobile Devices?

The problem with mobile phones is that they can collect a lot of data about us. Some of this information is very personal, like our location at all times, or a log of every call we make or text message we send. Other data isn’t as sensitive but can still be used to track us — for example, which apps we use most frequently or what websites we visit from our phones.

In many cases, this data is collected by default by services running on your phone (such as Google Maps or Facebook Messenger) or by apps that use these services (like Instagram). This means it happens automatically without you having any say in the matter.

Privacy in operating systems refers to the ability of users to choose what information they want to share with other parties. Data privacy refers to the protection of personal data against unauthorized access, misuse, disclosure, and destruction. Users can decide what data they want their device to share with other devices, applications, or websites. All operating systems have different levels of privacy settings that we can adjust according to our needs.

The operating system should allow users to determine what information they want to share with apps and which data they don't want to share. In other words, privacy lets users decide who can see their data and how much control they have over their information.

Privacy in operating systems can be broadly classified into four parts: transparency, control, data default & data protection.

Privacy has become more critical as apps have become more sophisticated and powerful. Many apps use personal data for advertising purposes or sell it to third parties without user consent. Privacy allows users to protect themselves from these practices by restricting access to their data only when necessary for app functionality.

The answer is simple: it's a matter of trust. If I don't trust a company with my data, there's no point in using their services. And if I don't trust Google or Apple to keep my data safe, there's no reason to use Android or iOS.

The state of privacy in 2022

Regarding privacy, there are two main types: device-level security and application-level security. Device-level security refers to the steps that are taken on the phone to keep the data safe from third parties.

App-level privacy relates to how apps handle our data within their ecosystem and how much access they have when accessing other apps or services. Here are some examples:

Apple's iOS has a built-in privacy feature called "Limit Ad Tracking" that allows users to opt out of ad tracking for specific apps on their phone. Android does not currently have this feature built into its OS, but third-party apps such as AppGuard can be installed on the device to provide similar functionality.

Google decided to do something about it by introducing a new security model called “sandboxing” in Android 9 and later versions. This means that apps won’t have access to other apps’ data unless they ask for it explicitly — which makes it harder for malware developers to steal your information without your knowledge.

Both iOS and Android allow users to view what permissions an app requires before downloading it from the store.

Pre-iOS 14 

The iOS 14 update was a massive change for Apple users. The company decided to take a step back and make sure that its users are protected from third-party apps. Permission now has to be granted to every app before it can access your data.

But what about the previous versions of iOS? How did they handle privacy?

Before iOS 14, users had no built-in options to control what data was shared with third-party apps or services. Apple did not provide any standard mechanism for apps to interact with each other through APIs. This meant that apps could only access other apps through user interaction or built-in frameworks like CloudKit or iCloud Drive.

In iOS 14, Apple introduced new APIs for developers to create extensions for their apps that can be installed on another app's icon on the home screen. These extensions allow users to view content from one app inside another without leaving their current location. 

Before the iOS 14 update, many companies were not taking privacy seriously. The lack of privacy tools and regulations meant that device makers could sell their users' data to advertisers and marketers.

This led to a massive data leak. For example, in 2019, it was revealed that Google was collecting location data from Android devices without permission. This is similar to how Apple collects location data from iPhones.

When it comes to Android phones, device makers have been spying on their users for years, even before Apple decided to introduce some new tools for protecting user data in iOS 14. The reason why so many companies were spying on their users is simple: They wanted more money from advertisers who were willing to pay more for targeted ads and offers based on user behavior or location data.

The lack of privacy features in Android OS is a result of the way Android was designed. In its current state, it’s built to be open and flexible, but that also means that companies can add their own software to it.

How Apple Changed Privacy In Mobile Devices

Many people were asking for more control over their location data so that they could limit how much of their data was being collected by apps. With this update, Apple has added permissions for location data so that you can choose what apps can access your location data and when they can access it.

Apple Nutrition Label

The iOS 14 update has changed how the OS handles privacy. The Apple Nutrition Label is a welcome change that brings much more clarity to what's happening behind the scenes. The new nutrition label is split into two sections — one for the privacy policy and one for the terms of service.

The company introduced a dedicated section in the App Store that provides information about the app's permissions, which is accessible by swiping right on any app's page. This will help users better understand how their data is being used by apps, so that they can make more informed decisions about which apps to download.

These labels also include a new feature called "Data Privacy Impact Assessment," which lets you know how your data is being used by apps and services. You can see how much information is shared with third parties and if it's used for advertising purposes or not.

The Privacy Policy section includes a list of data Apple collects, including information about our device, apps and use of third-party services. It also explains how Apple uses this data. It's important to understand that even if you are not using an app or service, it can still collect your data.

The Terms of Service section covers all aspects of using an iPhone or iPad: from iCloud services and location tracking to how Apple shares user data with third parties (including law enforcement). iOS 14's nutrition label is a great way for users to see precisely what kind of data is collected by apps at the expense of phone privacy. It also allows them to revoke access to specific data types.

With this feature, Apple has taken another step to make privacy and security more transparent for users. The company had earlier introduced new privacy controls that let users manage their own data better by allowing them to delete sensitive information such as browsing history, location data, and contacts.

Android’s Take On Privacy Post iOS 14 

Google released some privacy updates such as a new data safety report that details how it uses and protects user data.

It also outlines how Google works with third parties — such as advertising networks — to gather information about users' behavior online.

The report comes as Google faces increasing scrutiny over its handling of user privacy and security. It's also an attempt to reassure users that Google is taking their concerns seriously, following the introduction of iOS 14, which introduced new privacy protections for apps.

The Google Play Store also allows installing apps from sources other than the official Google Play Store. This is convenient for users, who can find apps that aren't available in their country or region and also get updates quicker than when Google releases them. However, it also exposes our devices to malicious apps that could steal our personal information and send it back to the hackers who installed it.

List of Privacy Changes for Google

Google has made several changes and improvements to Android's privacy protections. Here are some of the highlights:

Google Play Store Data Safety Report

The new Google Play safety report includes two new sections:

Security: This section shows how many apps have been scanned per month and how many of them were found to contain potentially harmful software. The number of apps scanned each month has increased, indicating that Google is taking its security more seriously than before.

Privacy: This section shows how many times users have clicked on 'OK' on permissions dialogs for apps installed from Google Play. The number of times users have clicked on 'OK' has decreased since last year, indicating that people are becoming more aware of what they're clicking on when installing apps from Google Play.

Permission Model Updates

Android Pie and later versions of Android use a new permission model that prevents apps from accessing personal information unless they have a legitimate need. This includes access to contacts, calendar, photos, microphone, camera, and more.
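
As an added illustration (not code from the original article or from Google), the following Python example reads an app's AndroidManifest.xml and lists which of the data categories named above it requests, flagging any category the reviewer did not expect for the app's stated purpose. The sample manifest, the package name `com.example.flashlight` and the `audit_manifest` helper are constructed for this example; location is included under "and more".

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Runtime permissions grouped by the data category they unlock.
CATEGORY_BY_PERMISSION = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.WRITE_CONTACTS": "contacts",
    "android.permission.READ_CALENDAR": "calendar",
    "android.permission.WRITE_CALENDAR": "calendar",
    "android.permission.READ_EXTERNAL_STORAGE": "photos",
    "android.permission.READ_MEDIA_IMAGES": "photos",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.ACCESS_BACKGROUND_LOCATION": "location",
}

# Constructed sample: a flashlight app that asks for far more than the camera.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.CAMERA" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
  <uses-permission-sdk-23 android:name="android.permission.RECORD_AUDIO" />
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
  <application android:label="Flashlight" />
</manifest>"""


def audit_manifest(manifest_xml, expected_categories):
    """Return (requested, unexpected): permissions found per data category,
    and the sorted categories requested but absent from expected_categories."""
    root = ET.fromstring(manifest_xml)
    requested = {}
    # Both element names declare permissions; the -sdk-23 form applies
    # only on Android 6.0 (API 23) and later.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            category = CATEGORY_BY_PERMISSION.get(name)
            if category:  # permissions outside the table are ignored
                requested.setdefault(category, []).append(name)
    unexpected = sorted(set(requested) - set(expected_categories))
    return requested, unexpected
```

Calling `audit_manifest(SAMPLE_MANIFEST, {"camera"})` reports contacts, location and microphone as categories the flashlight app requests without an obvious need.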

Automatic Blocking of Malicious Apps

Google Play Protect will automatically detect and remove harmful apps from all Android devices running Android 8.0 or higher. If you download an app from another source (like APK Mirror), this protection will help keep you safe. The latest version of Google Play Protect also includes automatic updates for critical security patches and software updates that can help keep our devices secure over time and help with Android privacy.

What Does The Future Hold For Privacy in Smartphones?

The future of privacy in OS for smartphones is getting brighter day by day. With the introduction of Apple's new operating system, iOS 14, there have been several improvements in terms of protecting user privacy. 

While encrypting data may not seem like a big deal right now, it's crucial to think about privacy. Today, we have access to unprecedented information and transparency regarding our digital identities. This is what allows us to use the internet how we want.

The future of privacy will be driven by artificial intelligence (AI). The internet of things (IoT) is growing at an exponential rate. With the advent of 5G networks, we're seeing a major shift in how companies collect, store and use our data.

It's also a time when customers are becoming more aware of the value of their personal information and the consequences that can arise when it's mishandled or stolen.

But it's more than just innovation; there is an apparent demand from consumers for smartphone privacy options. With this much data being transferred around, it becomes difficult to secure it. Therefore, it is important that we take steps to protect our privacy now before it’s too late! While both companies are making changes in response to consumer demand, there are still areas where they could do better — especially when it comes to protecting people from spyware and malware.


Vaibhav is the founder of privado.ai and a CIPM certified privacy professional.
