Eight technology companies last month sent a letter to U.S. President Barack Obama to push for legislation to scale back the amount of data government agencies can gather, to help restore trust in the government as well as a measure of personal privacy.
But it’s not just the government that’s grabbing our personal information. More and more, regular old consumer applications are asking for more permission to drill through your information. This is even exacerbated by our personal relationship with our devices, which led virtualization startup Graphite Software CEO Alec Main to remark, “We spend more time with our devices than with our wives.”
This relationship has fueled the workplace BYOD phenomenon, in which workers tell their companies which devices they want to use. In the past, companies would assign walkie-talkies or other communicators to all workers so they could control what data was on them and how it was used. But with the proliferation of devices today, people want to use what they’re comfortable with everywhere they are.
Today’s workers want a convergence of work and personal applications on their devices, if for no other reason than to reduce the number of devices they have to carry around all day. And while companies are doing a commendable job of protecting their sensitive data on worker devices, these same solutions do not protect consumer data nearly as well.
“It’s not about malware,” Main explained. “It’s not about slowing it down or running bots. It’s about legitimate apps sitting in app stores that you can download that are trolling through your contacts.
“We’ve all had those experiences. It’s amazing with LinkedIn, right? You have LinkedIn and suddenly it’s saying, ‘Do you want to connect with this guy?’ And you’re like, ‘Who IS that guy?’ It’s like somebody you had one e-mail with 10 years ago and now it’s asking if you want to connect with the guy. Or when they connect the lines in the background. I’ve been on some of these things, you connect in, and then it asks, ‘Do you want to connect with your sister-in-law?’ Well, how do they know my sister-in-law? I’m not connected to any of my family, but now it’s asking me if I want to connect with my sister-in-law?”
One indicator of the importance device users place on privacy is the kerfuffle over Google’s removal of the AppOps privacy settings software, which it says it inadvertently included with Android 4.3 but removed in 4.4.2. Google said this is because the software wasn’t fully baked.
Even so, Main said that solution was too complicated to become mainstream. “If you’re going to click on the OK OK [popup permission boxes]—going back to your saying people are just resigned to it—well I want that app. I’m not going to read what the permission are, I’m just going to click OK. So we need something really simple.”
Graphite Software’s approach is to create buckets, to separate apps and data into places where control can be better maintained. “It’s not fine-grained control, more of a macro control,” Main said. “If I put stuff in a certain bucket, or sometimes we talk about it as a room…you have your kitchen, you have your media room, your bathroom at your house. When you’re in your bathroom, that’s fine, you don’t put your bathroom in your kitchen. You live your life in different spaces already. On the weekend, you kinda want to relax, you go into the media room, you don’t want to be bothered by your home office.”
To create separate spaces, some companies take a virtualization solution. Those, Main asserted, are too heavy for mobile devices in terms of performance and memory usage. So Graphite Software has created what it calls service-level virtualization that is built directly into Android and lets users create different containers (or spaces, as Graphite calls them) on the device. Main said, “You can have as many spaces as you want because it’s very lightweight. You can delegate management of those spaces to a third party such as your enterprise IT, or you can create your own spaces on the phone.
“If you do that, you can now segregate apps into different groups. You can put all your gaming apps and accounts into one place, you can have an open space that’s for your kids so you can share your device. You can also have a personal space for yourself. And then you can also delegate a portion of it to enterprise IT, and they can enforce their own policies, but only on their space. Not on your space and not on your data. They can’t see your data either. It’s really isolated. One space can’t access another space in any way.”
In the end, for people to use these applications and devices, it’s a matter of trust. Most of us are resigned to giving up some privacy for things we want on the Web, because some personal data is required for that. But Main maintains—and I concur—that when apps on a phone device start requesting too much personal data, things are getting out of hand. This time, it’s personal.
David Rubinstein is editor-in-chief of SD Times.