Skip to main content

What happens to your smartphone data -- and is it safe?

Doug Gross
A salesman hangs a poster advertising BlackBerry in New Delhi, India, where the government wants access to data from the phones.
A salesman hangs a poster advertising BlackBerry in New Delhi, India, where the government wants access to data from the phones.
STORY HIGHLIGHTS
  • The BlackBerry controversy has highlighted how smartphone privacy works
  • Many plans encrypt data, meaning it can't be deciphered if it's intercepted
  • BlackBerry data is stored on a private server; others stored by mobile service provider
RELATED TOPICS

(CNN) -- This week, news out of the Middle East saw BlackBerry, the handheld communication device of choice in the corporate world, assailed on multiple fronts over a security problem.

The problem? It's too secure.

Governments in Saudi Arabia and the United Arab Emirates said they plan to ban BlackBerry use, at least in part, unless they're able to view messages for security reasons. India and Indonesia are reportedly considering similar measures.

The controversy has raised questions about what happens to data from smartphones and whether users should be concerned about how secure that data is.

The answers can sometimes be tricky, and differ from country to country and phone to phone. So, we've rounded up some answers to help make sense of it all.

What do governments not like about BlackBerry's security?

BlackBerry maker Research In Motion (RIM) touts security as one of the phone's major selling points to its largely professional customer base.

That's mainly done in two ways -- ways that haven't made countries like Saudi Arabia and the Emirates happy.

The first line of defense is encryption -- a system that, in very basic terms, scrambles the text of messages, then unscrambles them when they reach their destination.

Systems like BlackBerry's, and those of other smartphone vendors aiming at corporate and government clients, will theoretically show up as gobbledygook if someone grabs them between Point A and Point B.

Research In Motion, the owner of the BlackBerry, says that each individual user has a key that scrambles and unscrambles their data and that no one, even RIM itself, can access that data from the outside. (Some tech analysts doubt this is 100 percent true, but that's based more on speculation than hard fact).

Second, the BlackBerry stores data from the phones on secure servers that the company itself owns. The UAE complained that since those servers are not in-country, presumably living in RIM's home country of Canada, they can't peek in when they want to.

The countries want RIM to build and use servers in their own countries, making it easier for them to enter a "backdoor" to those servers when they're investigating what they consider a national security concern.

How is data from other phones stored?

Unlike BlackBerry, smartphone makers like Apple and HTC, among others, leave it up to wireless providers or clients to manage data.

Often, that means the data gets stored "in the cloud" -- a network of data centers that quietly secure and process information from all over the world.

That doesn't mean that data isn't safe.

On its website, Apple also promotes the "strong encryption" for data sent on its phones and lists a host of other security features -- from the ability to remotely wipe data from the phone if it falls into the wrong hands to its ability to work with companies' private networks.

Google's open-source Android platform, for phones like the HTC Evo and Droid Incredible, leaves some room for chicanery. But apps like DroidSecurity, with over 2.5 million users, specialize in cloud-based protection.

So, this means governments can't get to my data?

Afraid it doesn't.

With most phones, a government would seek data from the mobile service provider, not the phone company itself. So if you have an iPhone 4 or an old-school phone the size of a brick, a government could theoretically get access.

In the United States, that requires a court order. But laws in other countries, of course, vary.

For the record, some familiar with U.S. intelligence efforts say they have access to BlackBerry data, although the company says it never makes deals with governments to share.

Reading between the lines, this might just mean that U.S. intelligence agencies are more adept at cracking code than those in other countries.

Who else can intercept my info?

Security experts never say never. But with encryption and secure data banks, they say it's unlikely that a random bad actor could steal your transmissions in any usable way.

"If you are not a government and you are not holding the wires of the network of one of the companies like RIM or Google or Alltel, you can't really access the date the user is using or sending," said Dror Shalev, chief technical officer for DroidSecurity.

They say smartphone users are far more at risk from more mundane attacks -- from having their phones (and the data inside them) stolen to using the phone's web browser to click bad links.

"With mobile devices, a lot of the privacy and security risks are really similar to what we've seen with desktops and laptops," said Doris Yang, mobile security product manager for digital security company Symantec.

"A lot of it really does hinge on common sense. Whether we're talking about information stored on your device or in some storage facility, the same rule applies -- you shouldn't be sending out personal information."

[TECH: NEWSPULSE]

Most popular Tech stories right now