TTS 2023 calendar is NOW LIVE. Download: Calendar List

Are Business Users of Smartphones Supported by Intrusive Apps Violating Confidentiality Agreements and Laws?

Are Business Users of Smartphones Supported by Intrusive Apps Violating Confidentiality Agreements and Laws?

 

By Rex M. Lee

Due to the proliferation of intrusive operating systems (OS) and apps that support smartphones, many businesses; major corporations; government entities, including the military; law enforcement agencies; healthcare providers; legal professionals; and journalists have adopted smartphones to use professionally within a confidential and protected work environment.

Intrusive operating systems and apps enable the developers to indiscriminately monitor, track, and data mine the end user for profits which means that the developers are collecting confidential and protected information from the end user posing privacy and cybersecurity threats to the end user.

Confidential and protected work environments are governed by nondisclosure agreements (NDAs), employment agreements (confidential business information/IP), federal cybersecurity standards, federal information processing standards (FIPS), and confidentiality laws that regulate medical information (HIPAA/HL7 Data), client attorney privilege, and classified information that should not be exposed to unauthorized third parties.

With that being said, we have to ask, “Are smartphones, tablet PCs, connected products and PCs supported by the Android OS, Apple iOS, or Microsoft Windows OS secure enough to use within a confidential and protected environment?” 

Confidential and protected environments include:

  • The defense industry
  • Military
  • Law enforcement
  • Enterprise business
  • Government (local, state, federal)
  • Healthcare
  • Critical infrastructure
  • Legal
  • Media (journalism)

Now that we understand a confidential and protected environment, plus who works within a confidential environment, we can conclude that smartphones, or any connected product or devices supported by an intrusive OS and apps are not secure or private enough to use within a confidential and protected environment.

Now we must ask, “Are end users of smartphones, tablet PCs, connected products, and PCs violating existing confidentiality laws and legal agreements when they use their intrusive connected devices for business purposes, such as when a doctor uses their smartphone for work?”

I believe the answer to this question is yes, based on my research on leaky operating systems (OS) and intrusive apps that support all connected products and services concerned, such as a smartphone since the intrusive apps enable the developers, including those from China and Russia, to surveil and data mine the end user, including business end users, for profits.

The reason that I believe people who use smartphones professionally are violating existing confidentiality laws and agreements is because T-Mobile and Verizon also agree with my research on leaky operating systems and intrusive apps that are developed by Google, Apple, Microsoft, Meta/Facebook, ByteDance (TikTok-China), Baidu (China), Prisma Labs (Russia) and other global developers.

As the result of an FCC consumer complaint filed by me against T-Mobile regarding the transparency of surveillance and data mining business practices, T-Mobile admits that smartphones, plus other connected devices are not a private or secure forms of telecommunications and computing.

Here is what T-Mobile had to say regarding FCC consumer complaint #423849, filed by myself:

“We, too, remember a time before smartphones when it was reasonable to conclude that when you activated service with T-Mobile that only T-Mobile would have access to your personal information. However, with the Samsung Galaxy Note, the iPhone, and many other devices, there are indeed a variety of parties that may collect and use information.” —T-Mobile Privacy Team

To validate T-Mobile’s admission, I felt that I needed another admission from a wireless service provider, so I contacted Verizon’s government division to see if they could sell me a private and secure smartphone, tablet PC, or connected product supported by the Android OS, Apple iOS, or Microsoft Windows OS.

I let Verizon know that I needed a secure and private solution because I do business as an app and platform development consultant, plus as a cybersecurity and privacy advisor within the defense industry, critical infrastructure, and enterprise business.

Verizon initially told me yes that they could sell me a private and secure solution to use within a confidential and protected work environment. After vetting Verizon’s solutions over a three-month period, I concluded that Verizon couldn’t sell me a private or secure smartphone, tablet PC, flip phone, or connected product supported by the Android OS, Apple iOS, or Microsoft Windows OS. To back my conclusion, I supplied Verizon with my research on smartphones, operating systems, and preinstalled apps which I used for a smartphone report that I did for the Department of Homeland Security Science and Technology division for the DHS S&T Study on Mobile Device Security. DHS Study on Mobile Device Security – Digital.gov  

After reviewing my smartphone, OS, and app security report exposing numerous privacy, cybersecurity, and safety threats associated with the uncontrollable preinstalled apps that supported numerous mobile devices and connected products, Verizon agreed with my conclusion validating T-Mobile’s admission.

Here is what Version had to say: 

“We have reviewed your request at the highest levels of our organization and have confirmed that the only solutions to make a phone private and secure are available through third parties, not directly from Verizon. … Additionally, Verizon is not equipped to address preinstalled solutions or applications on any device.”

There are threats associated with global preinstalled app developers because Android, Apple, and Microsoft OS-supported smartphones, and other connected devices are also supported by intrusive uncontrollable preinstalled apps developed by companies such as Amazon, Meta/Facebook, ByteDance (TikTok- China), and Baidu (China- Android app developer).

Regarding Android app developer Baidu, my research uncovered uncontrollable preinstalled Chinese surveillance technology supporting a Samsung Galaxy Note smartphone that I had purchased to use while doing consulting work for U.S. defense contractor Space Data.

Below is a screen shot of the actual code (interactive application permission command string). 

At the time I did the research on the Galaxy Note, I had no idea if Google or its preinstalled app developer partners were collecting confidential end user information for purposes associated with the Android OS or if all app developers concerned were in fact monetizing the information to sale or use to generate revenues and/or profits.

Due to my research of which I shared with Samsung, Google, and T-Mobile, I would later find out that Google, plus their preinstalled app developer partners, including Chinese Android app developer Baidu, were in fact monetizing highly confidential smartphone end user personal and business information for profits posing massive privacy and cybersecurity threats to Android OS end users, especially business end users. This revelation was also true for Apple iOS and Microsoft Windows 8, 10 and 11 OS end users.

We also have to ask Are intrusive OS and app developers violating confidentiality laws and legal agreements by collecting and storing confidential and protected information from OS and app end users?”

The answer to this question may be no due to the predatory terms of use that support all operating systems and apps concerned since the end users are accepting the predatory terms of use, even though end users are being forced to accept the terms of use otherwise the end users would not be able to use the products they are paying for if they reject the terms of use.

Furthermore, the products aren’t safe to use within a confidential and protected environment because the collective terms of use that support all products, apps and operating systems concerned do not indemnify (protect) the product user from harm, even if the user’s personal, medical, legal, employment, and business information hacked and used in a harmful manner due to negligence.

For example, if Apple’s iCloud were hacked and end user information associated with a law enforcement official, such as a Drug Enforcement Administration (DEA) agent, were exposed and the DEA agent or their family members were harmed or even killed in any way, the DEA nor the agent could be made whole by a lawsuit against Apple for negligence due to the predatory terms of use the end user is forced to accept.

This was the case regarding the actress Jennifer Lawrence, who’s iCloud account was hacked and her photos, including nude photos, plus files, emails, and other information were acquired by hackers and leaked on the internet.

Consequently, if one of her family members or herself were harmed, she would not successfully be able to sue Apple due to Apple’s one way indemnity clause.  In the end she chose not to sue, probably because her attorneys told her a lawsuit would fail due to the fact she clicked on “I Agree”.

Aside from Apple terms and conditions, all terms of use that support leaky operating systems and intrusive apps developed by all OS and app developers concerned, even app developers from China and Russia, include one way indemnity.

This is concerning, because tech giants collect our personal and business information to use for profit by way of connected product and services that cost money, yet they do not want to take responsibility for protecting our personal and business information even if they end up harming us financially or physically due to their own negligence.

It’s safe to conclude that smartphones, tablet PCs, flip phones, connected products, and PCs plus voice-automated assistants are intentionally designed for consumerism because these unsecure products and services are supported by a leaky operating systems and intrusive apps enabling the developers to exploit their end users for financial gain. 

At the end of the day, business professionals and government employees, including elected officials, may be violating numerous confidentiality laws and agreements when using their intrusive devices for work.

In part 2 of this article, we will take a close look at third-party security solutions such as mobile device management platforms and apps of which Verizon referenced in their admission to see if smartphones, tablet PCs, connected products, and PCs supported by the Android OS, Apple iOS, or Microsoft Windows OS can truly be secured and privatized at a level to be used within a confidential and protected environment.

Bio
Rex M. Lee is a Privacy and Cybersecurity Advisor, Tech Journalist and a Senior Tech/Telecom Industry Analyst for BlackOps Partners, Washington, DC. Find more information at My Smart Privacy, www.MySmartPrivacy.com