Phone tracking software used by hundreds of thousands of people is being sold on for profit and could make its way into the hands of criminals if there is a significant data breach, privacy campaigners have warned.
Mobile phone operators monitor and store details about customers’ information after many unwittingly choose to be location-tracked 24/7, an investigation has revealed.
Privacy campaigners from Krowdthink say the data is being used and sold on for profit. They warn criminals could use it to target specific individuals as they go about their daily lives if hackers access the information.
Some information could even be used to blackmail customers, they say.
“Effectively consumers are opting in to being location tracked by default,” Krowdthink founder Geoff Revill said on Monday.
“The fact of the matter is your mobile service provider knows – without you knowing – where you are, how you got there and can figure out where you are going.”
The group found that 93 percent of British mobile users had opted into location tracking, and accused operators of creating physical evidence to track people.
Pete Woodward, from security firm Securious, said such accurate information would be like “gold dust” for criminals wishing to target individuals.
“The information that mobile and Wi-Fi service providers hold on location tracking is an evolving and high-risk area of cybercrime that needs urgent attention by the industry,” Woodward said.
“Otherwise we will face the frightening prospect that such highly sensitive data could get into the hands of the likes of kidnappers and pedophiles.”
The Krowdthink report comes as Open Rights Group (ORG) says operators do not give adequate information about the uses of collected data.
ORG Executive Director Jim Killock said customers should have more control over their data.
“Mobile service providers need to collect and keep data so that they can bill us for our services.
“But just because they collect this data does not mean that they have an automatic right to process that data for other purposes without our consent. If they don’t, they are removing our right to control this data and the risks associated with their using it.”