Does Android’s Open Source Status Make it Better in Terms of Privacy?
A quick look at the mobile device marketplace will only reveal one significant open source operating system that is used on phones and tablets. That is of course Android. The rest, like iOS or Windows Phone 7, are proprietary, closed source platforms. On those platforms it is impossible to tell what software is actually running on your phone, and what the phone is processing and analyzing in the background. A good example of this is the iPhone “Locationgate” scandal that erupted in the middle of last year. It was discovered that iOS 4 was collecting Wi-Fi hot spot and cell tower information and storing it on the phone for up to a year. Worse still, this data was sent to your PC when the iPhone was synced with iTunes. Apple soon issued a fix and apportioned the blame to a bug and a bad choice in cache size.
Since iOS is a closed system, there is no way we will ever know the truth. And since Android is open source, this could never happen on an Android-powered device. Or could it? The first question is this – is Android truly open source? The answer is – almost. Although Google does publish the source code for Android, lots of companies use it, and spin-off projects like CyanogenMod are based on it, the truth is that the firmware that runs on most Android-powered devices isn’t a plain vanilla copy of the OS.
First of all, many of the supplementary components found in a mobile device, like the GPS chip, the camera or the modem, use proprietary drivers which the component manufacturers supply in a binary-only format. The phone maker just includes that binary in the build and lets it work its magic without any real knowledge of what is going on under the hood. Secondly, phone makers (or more specifically mobile data network providers) often include extra software on devices (like Carrier IQ) for monitoring and statistics collection. This means the version of Android running on your phone is based in part on the source code released by Google, plus third-party proprietary drivers, plus third-party applications added by the phone maker or network.
The average mobile device contains more private information than most teen diaries, and it is equipped with Internet access, built-in cameras and a microphone. This makes such devices an inherent privacy risk. Recently the Free Software Foundation (FSF) launched its “Free Your Android!” campaign in an attempt to educate consumers on the possible dangers of an “almost” open source Android.
What does this mean to the average user? To be honest, not too much. Although these issues are real and although it is theoretically possible for a GPS chip manufacturer to insert some secret code into the driver binary to track your location, the real danger is with the applications we run on our phones. Tweeting with location data incorporated in our tweets has exactly the same effect as any rogue GPS chip manufacturer, and users are doing this willingly. Posting everything we do on Facebook, including photos, is far more harmful than the possibility that the FBI is trying to contaminate phones with secret code to capture images via the camera. Allowing Google to tie together your Android account, your Gmail account, your YouTube account and your Blogger account, and then create a profile of you, is just as harmful as allowing Carrier IQ to record statistics about your phone usage.
We live in a mobile world and in many ways the privacy war has already been lost. The moment I switch on my phone my network provider knows where I am (and has done so for nearly two decades now). Such information has been used to convict murderers and without a doubt it has been used by intelligence services to spy on people. And yet here we are twenty years later and we are still buying and using mobile devices. The best we can do is try to control what data gets shared about us via the applications we use.
Liberate Your Device!
However, for the geeks out there, the FSF has some recommendations on how to liberate your Android device. Firstly it suggests installing a truly free version of Android like Replicant. The Replicant project is an attempt to create a version of Android that is 100% open. Unfortunately it runs only on a very limited number of devices. If you can’t run Replicant, the FSF recommends CyanogenMod, but it does concede that the project “makes use of non-free device drivers and firmware.”
Don’t be complacent in thinking that Android is open source and therefore better at respecting your privacy. It isn’t. In fact, Google relies on the fact that you use its services via your phone to target you with adverts based on what you are doing and where. But most of all, worry about what applications you are running on your phone and what personal, private information you are willingly sharing.