Smartphone and tablet users are unwittingly sharing their personal data with strangers, including cyber criminals who could use it to go on an online buying spree, police warn.
New Zealand Police electronic crime lab national manager Maarten Kleintjes warned the full names, email addresses and postcodes of users of the GooglePlay store were being supplied to application developers.
He is among a handful of New Zealand’s cyber crime experts warning users of the GooglePlay store, available on Androids, about the basic information automatically being shared with app developers, who could use it for any purpose they liked.
“It’s identity theft,” Mr Kleintjes said.
Around 80 per cent of the world’s mobile devices can access the GooglePlay store.
NetSafe executive director Martin Cocker said because Google’s app store was unregulated, the intentions of every application developer could not be known by the user.
“People are worried about the Government reading their emails while they are using Gmail, a service that by default reads your emails,” Mr Cocker said.
“You can end up trying a number of services from app developers who you would be less than comfortable having access to your information.”
Mr Cocker said some users who downloaded questionable applications from the GooglePlay store could find themselves being blackmailed by the developer.
“Online services are becoming more and more personalised and primarily it’s an open community where anyone can get any information. If you were a cyber criminal, you would be much more likely to exploit this opportunity.
“There’s certainly some concern with about what happens when you use some of these services.”
The problem was unique to GooglePlay, since Apple’s and Microsoft’s app stores are both run by each company who don’t pass any information other than the number of downloads on to the app developer.
National Cyber Crime Centre Detective Cliff Clark said while Google’s practices were not illegal and detailed in their privacy policies, most users did not read them and were not aware their details were being shared with third parties.
“People don’t realise that they are sharing. That’s the biggest worry,” Mr Clark said.
In some cases people’s Gmail contact books were being shared with third parties.
“The issue is that the technology has moved so fast that it has left consumers behind.”
Company X director Jeremy Hughes, whose Hamilton firm writes business specific applications for the GooglePlay and Apple Store, said it was a matter of education.
“People have to pick their level of trust and security.
“From a developer’s point of view it’s very interesting to know who is downloading your app, where they are and their email address, but as a user of GooglePlay I can trust developers with my personal information as much as I can trust anyone else online . . . There is undoubtedly going to be bad eggs out there.”
The biggest risk, Mr Hughes said, was becoming a target for email spam.
“Time will only tell whether that does happen and whether it can be traced back to the Google Developer Console.”
Smartphone users the Waikato Times spoke to were unaware of the practice.
Google spokesman Shane Treeves said Google took the privacy and security of users very seriously.
“Google Play developers are bound to developer terms which prevents them from sharing information for ‘Product may only use that information for the limited purposes for which the user has given you permission to do so’.”
“Google Wallet shares the information needed to process transactions and maintain accounts, and this is clearly stated in the Google Wallet Privacy Notice,” he said.
– © Fairfax NZ News