Increasingly, the answer appears to be no.
A recent wave of corporate-data leaks and scandals related to sharing of personal information has led to lawsuits, fines and regulatory probes in the U.S. and Europe. Yet many cellphones and mobile apps continue to gather user data, such as people’s locations and shopping preferences, in order to share the information with other companies, including advertisers.
We asked several privacy-conscious and technologically savvy people what they do to protect their personal information while using smartphones. And the responses weren’t encouraging: They mostly agreed that smartphone users are at the mercy of phone manufacturers and app developers’ data practices.
founder and chief technology officer of Shevirah Inc., a cybersecurity company focused on mobile devices, says she doesn’t keep photos on her phones that she wouldn’t want to end up on the internet, in case a hacker accesses her phone or an app accesses the data. When even new devices can have hundreds of apps on them, Ms. Weidman says, it’s also possible she may “make a misstep somewhere.”
Other rules she sets for herself: She has different phones for work and personal use, which helps to keep different kinds of data separate. She limits to her personal device use of apps such as social-media platforms that she thinks may “spy” on her data, and she doesn’t keep sensitive information about corporate clients on any of her phones.
“It’s nice that Facebook and WhatsApp know what you like, but you give up a lot of privacy. It’s hardly worth it,” says Ms. Weidman, who explains that she uses these platforms in combination with an app that blocks ad tracking.
technology lead at nonprofit Privacy International, recommends using encrypted-messaging apps, such as
’s WhatsApp or Signal, instead of traditional text messages. While some apps “are more secure and have better privacy policies than something like WhatsApp,” he says, “WhatsApp is night and day superior for personal privacy and security” compared with plain text messaging.
Not everyone will go to the lengths that privacy experts do to protect their communications. But they agree there are some precautions anyone can take to guard their privacy. Here are some other steps they recommend to limit the amount of personal data that your phone collects and shares about you:
Don’t let apps access information they don’t need
When you download mobile apps, they may ask permission to track your location and other data. In some cases, apps need that information to do what they promise, like recommend restaurants nearby. But some may ask to access phone features even though they don’t require that information. They may share data with other companies that users may not be aware of. Many popular smartphone apps share users’ locations, health details and other data with social-media companies, a Wall Street Journal investigation revealed. Other apps share personal data with advertisers.
“If it’s an app that lets you play cards, it probably doesn’t need access to the inner workings of your phone, your contact list, the internet and your GPS,” Ms. Weidman says. She recommends watching what apps you’re granting access to your camera, microphone, contacts list, location data and other information.
Phone settings list options to shut off apps’ access to location and other information. Ms. Weidman recommends people review those permissions and refuse to download apps that request access to anything they don’t need.
Apps may even continue to collect data after a person stops using them. To cut down on the amount of data a phone shares, people can delete apps they no longer use, says Mr. Weatherhead.
Research new apps before downloading them
Consumers might want to search the name of an app online before downloading it, because the developer’s data practices may already be well known, says
a partner at law firm Baker Botts LLP and a former chairman of the Federal Trade Commission.
A quick internet search may turn up consumer complaints, lawsuits and regulatory investigations into an app’s potential privacy violations. Privacy concerns surfaced quickly this summer as more users downloaded FaceApp, which lets people upload photos of faces and change them to look older or younger.
Don’t let advertisers track your browsing
Ms. Weidman says she uses mobile browser plug-ins to stop advertisers from tracking her web activity and from presenting her with targeted ads on social media. Plug-ins to block ad tracking are available in app stores. In addition, she uses private sessions on web browsers to prevent them from keeping a history of her searches. Depending on the browser, private sessions are often described as “incognito” or “private” windows in the toolbar.
Change the data your phone shares with advertisers
One way to limit the personal data that smartphones collect and send to advertising companies is for users to regularly reset or turn off their advertising IDs, which identify mobile-phone users, in their phones’ settings menu. If a phone user changes their advertising ID, ad profilers cannot connect data they collected before and after it was reset with the same person, This reduces the amount of detailed personal information that advertisers see from that device, Mr. Weatherhead says.
While it might seem harmless if advertising companies obtain personal information about mobile-phone users, many people may not realize that advertisers might share that data with insurance companies and other business partners, Mr. Weatherhead says.
Update software on your phone
Data leaks and cyberattacks are less likely if people use up-to-date software. Often, hackers will siphon data off devices by exploiting a problem in an app or a phone’s operating system even after companies release a new, fixed version that a victim hasn’t downloaded.
“Lots of criminal attacks go in through vulnerabilities that are fixed and that you haven’t bothered patching,” says cybersecurity expert
an adjunct lecturer at Harvard’s Kennedy School of Government and a fellow at the Berkman Klein Center for Internet and Society.
Watch for phone scams
Cellphones are becoming a more attractive target for hackers. Scammers send texts with links containing malware that could compromise personal data, Ms. Weidman says.
Hackers also call cellphones and use ploys to trick people. Don’t react immediately to suspicious texts and phone calls that claim to be fraud alerts, says Ms. Ohlhausen. For instance, she says she recently received a phone call saying there was an alert related to activity on one of her financial apps; she asked to call the company back after checking it out herself.
“They try to throw you off and get you to react immediately,” she says. “Just be skeptical, take a breath.”
Dangers on the road
Mr. Weatherhead switched to an iPhone from Android after
refused to help the Federal Bureau of Investigation access encrypted data on the phone of a terrorist after a shooting in 2015. Mr. Weatherhead frequently travels abroad for his job and says authorities in some countries may want to access information about his work with privacy advocates.
“I want to know the data is staying on the phone,” he says.
Ms. Ohlhausen often decides to access the internet using mobile data instead of connecting her phone to public Wi-Fi networks because the connection may be less vulnerable to hackers. “Someone could be snooping on your traffic when you’re on a public network,” she says. Some people may want to use virtual private networks to protect their connection from intruders when using public Wi-Fi, she says.
Mr. Schneier says he accepts that a certain amount of risk comes with using the apps he wants. Two-factor authentication adds an extra layer of security to apps and makes it harder for hackers to access data, he says.
“Passwords are easy to steal, passwords are easy to guess,” he says. “Use two-factor authentication. It’s kind of a no-brainer.”
“Most of your security and privacy is not in your hands,” Mr. Schneier says. “You don’t have the ability to reverse-engineer it. You just don’t know.”
Ms. Stupp is a reporter for The Wall Street Journal in New York. She can be reached at firstname.lastname@example.org.
Share Your Thoughts
What do you do to protect your personal data on your phone? Join the conversation below.
Copyright ©2019 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8