Your Software Is Secure – Or Is It?

There’s a quote out there that goes:

If you’re not the customer, you’re the product.

That’s directly applicable to any bit of “Free” software you use.  If there’s an ad being shown, if it asks you to install a different browser or tool bar, if there’s an offer to download 10 free MP3s – You Are The Product.

Fair enough.

There are exceptions to that rule.  There are a lot of excellent pieces of software out there that are free with no strings attached.  No phone home tricks, no advertising, and no other gotchas.   Those typically are called “GPL” or “GNU Software” or “FOSS“.  I do most of what I do on Windows, however off that windows machine, I live in that FOSS world of Linux.  If I want a spreadsheet, I merely download Libre Office and I’m happily counting away my beans.

I guess the fact that there is no support network provided with most of that kind of software means I’m still the product but I’ll ignore that.

Once you leave that world of Windows or Mac OSX where you pay and expect complete discretion (and you would be wrong), or Linux where the power of Open Source means you have thousands of eyes looking at the software and putting out a warning that your operating system might be spying on you (Ubuntu), it gets a bit questionable.

The assumption is that with your shiny iPad or iPhone, Apple is looking into that for you.   It’s not completely clear that that is true, and rumor has it that it isn’t.

On the other hand, Android does warn you when your phone or tablet is being asked to sign away your information.   You can still allow it, but it does warn you.   The idea is that the user is expected to be an educated Android user and actually stop and look at the warnings.   On the other hand, when is the last time you took the time to read an EULA (End User License Agreement)

Exactly, even I just skim them.   If it says it’s GPL, I assume it’s OK, otherwise, you may get one  of those programs that says that if you send an email to a specific address, you “win” 1000 dollars US.   Yes, that happened, once, and it took five years for anyone to find it and collect!

The most egregious use of the person being the product lately is the Jay Z app called “Magna Carta”.  Download and install the app and you get to join in and help to promote his CD of his latest “songs”.

Great, if you like that sort of thing.  On the other hand people did start to read what the app wanted to do to your Android phone.   It basically demanded full control, including your personal details, it wanted to start at start up time, and demanded access to your Facebook and Twitter accounts.  The assumption is that it was going to go out and put postings to those accounts in your name saying how much you were enjoying his “songs”.

Rap.  Bleah.  But he’s making my point for me.   It does not say that Jay Z is doing something with all that information, it merely says that the software has access to it.  He is using people as marketing tools to build the social buzz on Facebook and Twitter.  He may never use any of it, and that access may not ever be used, but it begs the question:

Is that in your benefit?
 
When you go to your app store, look around and ask yourself do you really need it?   That app will probably slow your phone or tablet down whether it is on the iPhone or a shiny new Android Tablet because it will want to start up when you turn the thing on.

Is that in your benefit?

That app may want to know who you called today, and forever.

Is that in your benefit?

That app may want access to whatever is running at any given moment.

Is that in your benefit?

The answer to all of that is no. 

Especially that last one.  If you use a smartphone to do your banking, your banking details are POTENTIALLY exposed to any app that is running at that time.   Want to share your bank account information with me?  I didn’t think so, but would you with an app developer?  That answer should still be no.

The best thing you can do with that phone is to make calls with it and keep it clean of unneeded software.  That includes free or paid apps.  There’s too much risk these days.

Sorry to bring bad news but there are some questionable people out there.