Why You Should Treat Your iPhone Like a Toddler: The State of Mobile App Security [TCTV]

Privacy and security issues have been at the forefront of tech news this week, with The New York Times reporting on loopholes in two major mobile operating systems — Apple’s iOS and Google’s Android — that allow apps to access much more personal smartphone content than most users realize.

Superstar security researcher Ashkan Soltani (his résumé includes work with the Federal Trade Commission and The Wall Street Journal and giving testimony in front of Congress about mobile privacy) was in San Francisco this week speaking at the RSA Conference, so yesterday afternoon he came by the TCTV studio to dig a bit deeper into how safe smartphones are today and whether things are getting better.

In short? It’s complicated. But Soltani has clever and compelling ways of describing what’s going on, which made for a pretty fascinating discussion. You can watch the whole interview above; here are just a couple of his points:

Smartphones aren’t as smart as you think

This part of our chat happened off-camera, but Soltani has come up with an interesting analogy: Smartphones today are like toddlers who don’t understand etiquette. Just like a four-year-old who overhears you saying that Aunt Helen is fat (and repeats your statement to Aunt Helen the next time he sees her), mobile operating system software is not yet mature enough to understand that you may want an app to access some of your photos, but not others. That in itself is not necessarily a bad thing, but the real problem is that most average users think their smartphones are a lot smarter than they really are — and are surprised to find out otherwise.

Context is key

But as toddlers grow up, they come to understand that certain information is meant to be shared only with certain people. According to Soltani, smartphone software should evolve in a similar way, learning to keep more data in context. Right now, the only data that smartphones understand to keep private is location data. Going forward, things like photos and texts could start to be treated with more consideration. Even as smartphone security gets more sophisticated, though, average users would do well to be more wary of what they share with their devices.

These are the early days

Even though it may be hard to remember life without your iPhone, Soltani said, it’s important to remember that iPhones have only been around for four-and-a-half years (which ties in well with the toddler comparison). That means that we’re in the very early days of reaching a consensus on where the privacy and security boundaries should be. For comparison, Soltani brought up the car industry: The earliest versions of the Ford Model T were popular but also very dangerous, and it took decades for regulations such as driver’s licenses, seat belts, and air bags to create some structure around the industry. It could take some time for the same thing to happen with mobile devices.