Hello all! I am curious if the Android platform has a security model for protecting the privacy of the user's location. If there is, it is not yet adequate. In my opinion one of the biggest security concerns with Android regards protecting the privacy of the user's location. Is anyone with me on this?
An Android user should be able to easily monitor and control which applications have access to its current location information, and to know exactly how that information is being used. If there is an active GPS uplink running through one of my apps, I really want to know about it! Currently an Android user can only choose to turn off GPS or disable location services altogether (and has to navigate through a few settings menus in order to do so), and when GPS is turned on they can only see when it is being used, but there is no way to see _what_ is accessing it! A reasonable security model would allow the user to grant or deny access to positional information to specific apps. Not only would this help protect the user's privacy, but it would also help manage battery resources! For example, Android should expect the user to allow the camera to geo-tag photos, turning on the GPS temporarily to grab the position when needed, but there's no way we should expect a paranoid or power-conscious user to turn on and off his GPS before tagging a photo. Additionally, the user should know if the app tagging the photo also tries to post its location to a web server. Relying on the one-time notification of which privileges are going to be granted to the app at application install just simply isn't enough. Another example: I have an awesome app (Ecorio) that tracks my trips and helps me to be mindful of my carbon footprint based on my mode of transportation. I would normally be thrilled about using this app, but it is not clear what it is doing with my daily travel logs. It might be keeping them stored privately on my phone, or it might be uploading them to Ecorio's server. Android should let the user know what is going on, and when, and should allow the user to deny specific privileges to individual apps. This is a very big security concern!
I've already been unpleasantly surprised when I realized that my first test post - an embarrassing photo tagged with my exact location - was publicly visible on a map on the welcome page at wherester.com along with other recent posts. The Android platform should never allow an app to be so careless with my privacy. I'm still insanely excited about the future of Android and open mobile app development, largely because I am confident that concerns like these will be solved through the process of open collaboration. But before people will confidently adopt our location-based apps we need to be able to reassure them that the app isn't doing anything unexpected or not allowed with its positional information. Does anyone else share my concerns? Is anyone already doing something to address them? Sam Hiatt
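The per-app grant/deny model the post asks for is, in later Android releases (runtime permissions, API 23 and up), something the app itself has to cooperate with: it checks the permission at the moment of use, asks only then, and copes with a refusal. The following is an added example written for this page, not code from the post's author or from any of the apps it names. It sketches the camera geo-tagging case from the post: a hypothetical `GeoTagActivity` with an assumed "tag this photo" button, a one-shot GPS fix so the receiver is only powered while the position is obtained, and an untagged save when the user says no. It uses only framework and AndroidX APIs (`ContextCompat.checkSelfPermission`, `ActivityCompat.requestPermissions`, `LocationManager.requestSingleUpdate`) and assumes a compile SDK of 29 or later so that `LocationListener` only needs `onLocationChanged`.

```java
import android.Manifest;
import android.app.Activity;
import android.content.pm.PackageManager;
import android.location.Location;
import android.location.LocationListener;
import android.location.LocationManager;
import android.os.Bundle;
import android.os.Looper;

import androidx.annotation.NonNull;
import androidx.core.app.ActivityCompat;
import androidx.core.content.ContextCompat;

// Hypothetical activity for a camera-style app that wants a single position
// to geo-tag a photo. It touches the GPS only after the user has explicitly
// granted location access, and it degrades gracefully when they refuse.
public class GeoTagActivity extends Activity {

    private static final int REQ_LOCATION = 42;  // arbitrary request code
    private LocationManager locationManager;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        locationManager = (LocationManager) getSystemService(LOCATION_SERVICE);
    }

    /** Assumed to be wired to a "tag this photo" button in the UI. */
    public void onTagPhotoRequested() {
        if (ContextCompat.checkSelfPermission(this, Manifest.permission.ACCESS_FINE_LOCATION)
                == PackageManager.PERMISSION_GRANTED) {
            fetchOneShotFix();
        } else {
            // Ask at the moment of use, so the user sees why the app wants the
            // position, instead of relying on a one-time install-time notice.
            ActivityCompat.requestPermissions(this,
                    new String[]{Manifest.permission.ACCESS_FINE_LOCATION}, REQ_LOCATION);
        }
    }

    @Override
    public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions,
                                           @NonNull int[] grantResults) {
        super.onRequestPermissionsResult(requestCode, permissions, grantResults);
        if (requestCode != REQ_LOCATION) return;
        if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
            fetchOneShotFix();
        } else {
            // The user said no: save the photo untagged rather than failing or nagging.
            savePhoto(null);
        }
    }

    private void fetchOneShotFix() {
        // Framework API (deprecated since API 30 but still functional). A single
        // update means the GPS is powered only while this one fix is obtained.
        try {
            locationManager.requestSingleUpdate(LocationManager.GPS_PROVIDER,
                    new LocationListener() {
                        @Override
                        public void onLocationChanged(@NonNull Location location) {
                            savePhoto(location);
                        }
                    }, Looper.getMainLooper());
        } catch (SecurityException e) {
            // Permission was revoked between the check and the call; treat as denied.
            savePhoto(null);
        }
    }

    /** Placeholder: writes the photo, adding EXIF GPS tags only when a fix was given. */
    private void savePhoto(Location fix) {
        // ... write the image; if fix != null, embed GPSLatitude/GPSLongitude ...
    }
}
```

The design choice worth noting is that the position is requested per action and released immediately, so the user's grant covers exactly the use they can see on screen; an app that also wanted to upload that position to a server would, under the model the post argues for, have to make that separately visible rather than reusing the same fix silently.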
