Location-based convenience is cool but don’t forget security

Mobile adoption rates are going through the roof and the sheer ease of use of the devices is driving this adoption even harder. Devices are now able to allow coupon redemption with location tracking and even credit card purchases. The danger is in becoming too enthusiastic with the use of mobile devices for their convenience and cool factor and allowing the security of information to be a little lax.

Where is the security issue?
People using their mobile devices to complete transactions or redeem coupons are generally considered to be sophisticated users. These self-same sophisticated users have their emails, contacts and some other significant batches of information mapped and stored on their mobile devices.

This information is, of course, over and above the fact that a lot of applications request you to share your location with the service. So now they don’t only know what you are buying, with what you are buying it, but they also know exactly where you are buying it.

When looking at data pulled from an eMarketer study, over half (67%) of the US respondents surveyed said that mobile, location-based coupons were convenient and useful. Map this data against their security fears and 44% of the users feared that there was a concern around being tracked.

Are location services evil?
This is not to say that each and every request for your location is a threat. Some of the applications that are requesting this information are completely benign.

Yowza is an example of a location-based mobile coupon redemption platform (say that three times fast!) which is hoping that security fears will not hold it back too much (as its entire business model is based on it).

The concept is simple, once you have downloaded the app to your smartphone, it immediately turns on your unit’s GPS and pinpoints your location. This then searches a radius of 50 miles (80km) away from your current location and finds all of the deals within this area. You then choose which shop you want to visit.

Once you get there, you show the clerk at the check-out counter the voucher on your phone, they scan the barcode, and you save to the value of the coupon.
That’s the cool bit. The scary bit, which is the danger to security, is when the location service doesn’t get told to switch off and the app still tracks your location. This is the fear that most app users have when using services like this.

How can this fear be combated?
There are generally five basic things to check or demand from any app or device that you are using which is going to be tracking your location for any reason:

1. Everything must be opt-in
   The ability of a device to track its user’s location remains the decision of the user to make! Mobile devices come standard with the location services turned off and it is up to the user whether they want to turn them on or not.

2. Off means off
   This is pretty much a no brainer, but with the recent issues and lawsuits which manufacturers and software developers such as Microsoft are going through, you have to make sure. When the user turns off the location services, it means that the user has opted out of all tracking.

3. Clear labeling of what you are opting in to
   The terms and conditions that are displayed when users agree to the use of an app need to be clear in defining exactly what the user is allowing the application to do. When agreeing to these terms, however lengthy, it is imperative that you know what you are agreeing to.

4. Supreme Control
   Users on most, if not all mobile devices have the ability to not only disable the specific application from capturing their location, but they have the option to turn the devices location services off altogether.

5. Data encryption
   Users need to check and ensure that the application that they are using is encrypting their data when it is being send and stored. This means that should the user lose their device or it gets stolen, at least they are secure in the knowledge that their location data is not just freely available.

As much as it is the responsibility of the market place to ensure that the apps that they allow in their stores are fully compliant and not “stealing” location data, the final onus is on the user to ensure that they are safe and educated with what information they are sharing and allowing to be captured.

Image: McAfee