What's New?
1:51 pm
Thu May 15, 2014

Downloading A New App? There's Reason For Caution.

Originally published on Thu May 15, 2014 2:31 pm

How much information sharing is going on in your smartphone? That was something Here & Now’s Sacha Pfeiffer started wondering when she upgraded her phone and discovered that all of her photos had been rearranged according to the geographic location where the pictures had been taken.

We turn to cyber expert Tyler Cohen Wood, who is the cyber branch chief for the Defense Intelligence Agency. She’s also author of the new book “Catching the Catfishers: Disarm the Online Pretenders, Predators, and Perpetrators Who Are Out to Ruin Your Life.”

Guest

Copyright 2014 WBUR-FM. To see more, visit http://www.wbur.org.

Transcript

SACHA PFEIFFER, HOST:

From NPR and WBUR Boston, I'm Sacha Pfeiffer. It's HERE AND NOW.

I was surprised recently when after upgrading my smartphone all of my photos were automatically resorted, according to where I was when I took them. Even though I hadn't remembered the exact locations where I snapped some of those pictures, my phone knew. What other information do our electronic devices have that we don't know about?

Joining us to talk about this is Tyler Cohen Wood. She's a cyber expert at the U.S. Defense Department and author of the new book "Catching the Catfishers."

And, Tyler is what happened with my photos pretty much par for the course?

TYLER COHEN WOOD: It is definitely par for the course. Every time that you take a photograph with any modern-day smartphone or camera, there's something called exif data that is attached to that photograph. What that is, is it's data about the camera, such as the serial number or information about the camera.

But what we're mostly interested is it also gives the exact geo-location of where that photograph was taken. And when you post that to social media sites that do not strip that data out, or you send that photograph or have it in your camera, that exif data is very easily accessible.

PFEIFFER: In fact, you give an example in your book of some Burger King employees who took a photo that was not very flattering to the fast-food chain.

(LAUGHTER)

PFEIFFER: And they didn't identify the chain, the exact chain, so they thought they were clear. But their metadata on their phone let people track it back to them and they were fired.

WOOD: What he did was he posted a photograph of himself standing in a bucket of lettuce with his dirty feet. And he posted it to social media. Well, this exif data is actually very easy for anyone with freely available tools to strip out of these photographs, and actually pop on a nice Google Map for you.

PFEIFFER: Beyond things like our location data embedded in the photos we take, you also talk about what you describe as Application Permission Creep.

WOOD: What it is, is it's when an app that you have on your smartphone or on your tablet has one purpose. You use it for something like social media but it demands, or asks for access to other apps for system functions on your devices.

For example, my husband and I went out to San Clemente, California, for this wedding. Matt and I fell in love with it - it's beautiful, the weather is great. We come back to Washington, D.C. and we have a text message conversation with each other. And I say to him: I really want to move to San Clemente. And he says: I do, too.

About five minutes later, he logs in to one of his professional social media sites on his smartphone. And he's getting advertisements for jobs in San Clemente. I logged on...

(LAUGHTER)

PFEIFFER: Pretty disturbing isn't it?

WOOD: Pretty disturbing. I logged on and I'm getting real estate advertisements for San Clemente.

If you go into the permission settings of your smartphone, you would be surprised at how many applications not only have full access to read your text messages, but have the ability to also send text messages on your behalf. They also have the ability to sell the information from your text messages to third parties.

PFEIFFER: So what could we have done to prevent that, assuming we don't want that kind of solicitation?

WOOD: Go into the settings on your smartphone. With an iPhone, you want to go into the privacy settings and look at what permissions various applications have to other aspects of your phone. For Android, go into the application manager and look and see what permissions they have to your devices. Because then, if you're educated, you can make a decision whether it's worth using that application.

PFEIFFER: Tyler Cohen Wood is a cyber expert at the U.S. Defense Department. And her new book is "Catching the Catfishers: Disarm the Online Pretenders, Predators, and Perpetrators Who are Out to Ruin Your Life."

Tyler, thanks very much.

WOOD: Thank you so much for having me.

PFEIFFER: You're listening to HERE AND NOW. Transcript provided by NPR, Copyright NPR.