Ain't No Smartphone Private

Ain't No Smartphone Private

Bad English notwithstanding the title has gravitas. If a device has ever connected to the Internet or a phone network it has been identified. The hops to identify you with a specific device directly correlates to your using as intended, which is to join a network for communication and information. Its as simple as putting a SIM card in phone and turning on or joining a WiFi network and opening a web application or browser.

Phone network SIMs usually involve government issued ID and payment details. This portion of a phone's operation is completely separate outside the basic integration of functionality into the predominate Android and IOS phone operating systems. While the hardware for the phone networks has continually upgraded: 3G, 4G, 5G, etc, the software for these systems is fairly old and low tech. A 'dumb' phone can still connect to the networks for basic telephony. Telemetry data is constantly pinging between phones and network cell towers revealing device ID, location, time and who knows what else. Many examples exists of authorities identifying masses of people at a specific location at a given time. This information can be freely bought through legitimate channels.

Forget the trove and ease of consolidating your personal data collection combining above while using your SIM card provider's data plan. Open your phone's WiFi settings. All those other networks you see have your device name. What the WiFi router does with that information is anyone's guess. 'Important' applications such as those involving transactions, finance and (government) administration will collect not only prior mentioned information, but also likely need to be granted network privileges, along with access to contacts, media and peripheral permissions just to work properly. All of these 'important' applications will use App Store or Google Play versification which means all of your personally identifiable information will be collected and shared between possibly phone company, (minimum) the App Store or Google Play and application provider. Again, this information can be freely bought through legitimate channels.

You can have a bum buy a burner phone for you, don't use a SIM, only join open WiFi networks, use a VPN and get away with some 'slight of hand' anonymity. If somebody important enough deems you important enough to find they will though, because humans are creatures of habit and will eventually establish patterns. A mediocre data scientist can probably collate data points between IP addresses, device information, application and web browsing data to ascertain your profile and general whereabouts pretty quickly.

There is very rarely any reporting on the state of encryption. I'm not an encryption expert. But, just cursory reading around on various 'security' focused project forums, there always seems to be threads about attempts to place malicious code into the versions of different operating systems (OS), utilities and popular applications. Quantum computing has arrived meaning, theoretically, today's encryption standards can be hacked. Some companies and their encryption implementation must presently work, hence the UK's battle against Apple for a backdoor into it's Advanced Data Protection feature, since backtracked on, or the arrest of Telegram's founder. Most if not all of this is playing out because of our daily interactions centering around smartphones. My personal opinion, thinking WhatsApp or Signal communications are private because they are advertised as 'encrypted' is comical, just knowing the characters, companies and funding behind them respectively.

There are some ways to mitigate your data leaks, but frankly they are a complete pain in the backside. Specific hardware should be used. applications sand-boxed, create multiple user profiles, limit application permissions, don't use a SIM, use virtual telephone numbers, use a portable WiFi tower and only connect to that tower's network Internet with a phone using a VPN. It all becomes a bit cumbersome and inconvenient for the purpose of having a 'smartphone' in your pocket. And even worse, any missteps along the way means your privacy has been compromised anyway.

Securing computers is fairly easy if you know how to go about it. Smartphones are a completely different animal. You can be fairly anonymous digitally or otherwise if wanted.

I can help.

Subscribe to Mark Queen

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe