App security concerns highlighted at Vancouver privacy conference

Onus should be on app designers to protect privacy, experts say

Do you know where your latest app has been? Or maybe more to the point, does your app know where you’ve been, with whom, and how often? Is it selling that information? Is it putting your security at risk?

The privacy and security questions surrounding our mobile devices’ use of applications, and the connectedness of computers generally, were explored repeatedly by experts Oct 10 in Vancouver at a conference of freedom of information and protection of privacy.

Surveillance expert Dr David Lyon, of Queen’s University in Ontario, suggests people should think of their smartphones as being “personal tracking devices” because they track the user’s location, the type of messages sent and the content of messages.

While that’s not a reason to panic, people need to read the fine print before agreeing to add an app to their collections, says Dr David Flaherty, a past BC commissioner of information and privacy.

Flaherty notes that a recent international privacy conference in Warsaw, Poland, released a declaration that app developers should be designing privacy into their products from the beginning of the process, should ensure users have control over their information, and should minimize unfortunate surprises.

“Privacy has to come from app design,” agrees Fiaaz Walji, a private-sector expert on web security. “But does that developer think about security? How much security do you think is in a 99-cent app?”

Using geo-locations sleepers, some apps allow people to track your movements over time and in a given day, warn Walji and Ryan Berger, a lawyer specializing in security issues. This has led to home break-ins and other violations.

There are now approximately 20 class-action suits against app manufactures in Canada, and Berger expects that number to increase.

Canada’s national privacy commissioner confronted the manufacturer of What’s App about the multiple privacy violations built into the app. The app is being redesigned to meet Canada’s privacy laws, but with thousands of apps introduced yearly to the marketplace, government watchdogs are unable to monitor abuse.

The onus should be on manufacturers to ensure their apps give users an ongoing flow of information about what information is being accessed, Berger says.

Users should be given a privacy button to mask individual actions, Walji adds.

People are really exercising free choice only if they are aware of how their privacy is being violated and can adjust settings to minimize it, or okay it, on an ongoing basis, Berger says.

But computer privacy violations go beyond businesses collecting our information and using it for marketing purposes or reselling to other businesses. Recent public revelations have focused on the extent that businesses are sharing your data with government, and government is directly collecting information on its citizens. We’re in an era “where security overwrites society,” says Dr Kevin Haggerty, a University of Alberta professor of criminology and sociology.


Canadian laws around privacy and security are more rigorous than those in the US, Lyon adds, but people are often not aware of details, such as whether their information is stored in a US “cloud” or server.

US law requires that security agencies be given access to that information, and the information of foreign nationals, such as Canadians, has less privacy protection than that of American citizens.

There’s nothing inevitable about loss of privacy, emphasizes Steve Anderson, executive director of Open Media, a Vancouver-based organization campaigning for an open, low-cost internet. He rejects the suggestion that there is a “new normal” and an inevitability around corporate and government intrusion into privacy. Instead, he suggests, people should remember that “we have changed these things before and we can do it again.”

The conference, Privacy and Access 20/20, marked the 20th anniversary of the proclamation of British Columbia’s legislation recognizing the rights of citizens to access government information and have their privacy protected.

Gareth Kirkby is a former producer and editor with Pink Triangle Press, publisher of Xtra. He is the director of operations and communications for the Vancouver-based Canadian Institute for Information and Policy Studies.

Keep Reading

Job discrimination against trans and non-binary people is alive and well

OPINION: A study reveals that we have a long way to go to reach workplace equality for trans and non-binary people

The new generation of gay Conservative sellouts

OPINION: Melissa Lantsman’s and Eric Duncan’s refusals to call out their party’s transphobia is a betrayal of the LGBTQ2S+ community

Over 300 anti-LGBTQ2S+ bills have been introduced this year. This doesn’t mean we should panic

OPINION: While it’s important to watch out for threats, not all threats are created equally. Some of these bills will die a natural death

Xtra’s top LGBTQ2S+ stories of the year

The best and brightest—even most bewildering—stories from a back catalogue brimming with insight