When Smartphone Terms of Use Become Cyber-Enslavement Agreements

October 23, 2018 Updated: October 29, 2018

Commentary

This article is part of a series on corporate surveillance highlighting civil liberty, privacy, cyber security, safety, and tech-product user exploitation threats associated with connected products that are supported by the Android (Google) OS, Apple iOS, and Microsoft Windows OS.

So far, in this series of articles, we have covered “Surveillance Capitalism: Monetizing the Smartphone User” and “Legal Malware: How Tech Giants Collect Personal and Professional Info Through Apps.”

Now, let me pose a question: How is it legal for tech giants to intentionally develop addictive technology in order to lawfully exploit their product users for financial gain at the expense of the user’s civil liberties, privacy, cyber security, and safety?

Answer: The collective published (online) and unpublished (hidden-in-device) terms of use that support all products concerned give content developers the ability to lawfully monitor, track, and data-mine the product user for financial gain.

Terms of Use Analysis

After analyzing the pre-installed (“rooted”) content that supported a Samsung Galaxy Note smartphone that I had purchased from a T-Mobile corporate store, I was astonished to learn that there were more than 15 multinational companies enabled to monitor, track, and data-mine almost all of the product user’s personal and professional telecom-related digital DNA.

I was horrified to find out that the collective digital DNA being harvested and used for financial gain by all parties concerned included the following:

• Surveillance data, such as location data, geofence data, motion data, health and fitness data, auto-telematics (a car’s speed), biometric data, audio and video of the user, among others. Note that geofence data includes the specific time a user arrives and departs from specific locations.

• Sensitive user data, such as the user’s ID, text messages, email attachments, emails, contacts (electronic address book), calendar events, instant messages, and other particulars.

• Surveillance and sensitive user data acquired from multiple sources (connected to the host device), such as voice-automated products (e.g. Echo powered by Amazon), social media accounts, personal accounts (banking, medical, etc.), tablet PCs, TVs, and vehicles.

One of the companies enabled to harvest digital DNA that I identified was Baidu, a Chinese state-owned company. Following the Baidu revelation, I asked myself if I had actually agreed to be monitored, tracked, and data-mined by all parties concerned when I clicked on “I Agree,” without reading the fine print to accept the collective product terms of use.

I needed to validate if I had actually agreed to be surveilled and data mined 24 hours a day, 7 days week, 365 days a year for financial gain, so I authored a Samsung Galaxy Note terms of use and pre-installed content report and analysis.

I initially reviewed the published (online) terms of use to see if I had actually agreed to enable 15 or more multinational companies to surveil and data-mine my collective digital DNA associated with the use of my Samsung Galaxy Note.

I couldn’t find anything specific other than references to the fact that all parties concerned were enabled to share “unidentifiable personal information” with third-parties, such as advertisers, publishers, partners, and other nebulous entities, as confirmed by Google and T-Mobile’s privacy policies.

I had a false sense of security that my ID was at least protected, but I was highly concerned with regard to how much surveillance companies were conducting on my personal and professional activities, plus how much collective digital DNA that said companies were enabled to collect and use.

It wasn’t until I analyzed the unpublished (hidden-in-device) terms of use that supported the pre-installed content that I was able to understand how much collective digital DNA that the content developers were able to collect and use for financial gain.

Not only did my report conclude that pre-installed content, such as apps, was essentially a legal form of malware, enabling the content developers to surveil me at all times while data-mining my confidential digital DNA from my Galaxy Note, but I also learned that the terms of use were essentially the equivalent to a “cyber-enslavement agreement,” enabling the content developers to exploit product users for financial gain while posing huge privacy and cybersecurity threats to users.

My research, coupled with the admissions by T-Mobile, Verizon, Google, and Facebook, concluded that social media, smartphone, and connected-product users may be clicking away their civil liberties, privacy, cybersecurity, and safety when they click on “I Agree” without reading the fine print.

Furthermore, users are agreeing in some cases to pay content providers to exploit their personal data for financial gain at the expense of their civil liberties, privacy, cybersecurity, and safety.

In essence, all product users can actually be described as “uncompensated information producers,” who are being exploited for financial gain by the very tech companies that users patronize with their loyalty, trust, and hard-earned money.

Clicking on ‘I Agree’

Now for another question: Why do we click on “I Agree” without reading the fine print, if the consequences are so devastating to one’s civil liberties, privacy, cyber security, and safety?

Answer: We click on “I Agree” without reading the fine print to participate, coupled with the fact that so many of us are suffering from cyber-addiction due to addictive technology.

The first step to recovery is admitting that there’s a problem.

We are so eager to participate due to our addiction to technology that we will actually click on “I Agree” to accept a legal contract without bothering to read the fine print, even if the legal contract is predatory, exploitative, and misleading.

Google, Apple, Microsoft, Facebook, Amazon, Baidu, and other tech giants bank on the fact that people, including children as young as 13, will just click on “I Agree” to accept a legal agreement without reading the fine print.

The fact that product users aren’t reading the fine print has earned billions in profits for said companies by way of exploiting their product users’ collective digital DNA for financial gain.

Following my research of the legal process that supports smartphones, connected products, and content such as apps, I was shocked to find out that the product user is agreeing to accept published (online) and unpublished (hidden-in-device) terms of use when they click on “I Agree.”

Published (online) terms of use are transparent to the tech-product user and consist of

  • terms and conditions (T&Cs)
  • privacy policies
  • end user licensing agreements (EULAs)

Unpublished terms of use (application legalese) aren’t transparent to the product user and consist of

  • application permission statements (App Permissions)
  • application product warnings
  • interactive application permission command strings

Some smartphone and connected-product users are familiar with app permissions associated with third-party content, such as apps that are distributed by sources such as Google Play or the Apple App Store.

However, nearly all smartphone and connected product users don’t realize that the pre-installed apps, widgets, and emojis that support their devices are also supported by app permissions, which are also supported by application product warnings and interactive application permission command strings.

Which leads me to my next question: Why is the pre-installed application legalese so important to the product user?

Answer: The app legalese explains the level of surveillance that content developers can conduct on the product user, while also explaining how much personal and professional telecom-related digital DNA can be collected by the parties concerned.

The pre-installed app legalese is the most important legalese to the product owner and/or user, yet companies such as Google, Apple, Microsoft, Amazon, Facebook, and Baidu hide the application legalese within the operating system of the product.

I believe that all parties concerned hide the app legalese because most people wouldn’t buy a smartphone if they were able to read it prior to making a product purchase.

Don’t take my word for this claim: Read the Android app legalese examples below that are associated with the pre-installed content that supports the Samsung Galaxy Note smartphone.

The samples below include the word-for-word legalese plus screenshots of the Android (“Google”) app permissions and product warnings, which aren’t published within the online terms of use:

  • Access to your personal ID: “Allows apps to read personal profile information stored on your device, such as your name and contact information. This means that apps can identify you and may send your profile information to others.”

    terms and conditions
    (Screenshot via Rex M. Lee with annotation)
  • Access to your social media messages (includes product warning to censor speech): “Allows the app to access and sync social updates from you and your friends. Be careful when sharing information—this allows the app to read communications between you and your friends on social media networks, regardless of confidentiality. Note: this permission may not be enforced on all social networks.”
terms and conditions
(Screenshot via Rex M. Lee with annotation)
  • Access to your text messages: “Allows the app to read SMS messages stored on your phone or SIM card. This allows the app to read all SMS messages, regardless of content or confidentiality.”
(Screenshot via Rex M. Lee)
  • Access to your contacts (includes product warning): “Allows the app to read data about your contacts stored on your phone, including the frequency with which you’ve called, emailed, or communicated in other ways with specific individuals. This permission allows the apps to save your contact data, and malicious apps may share contact data without your knowledge.”
(Screenshot via Rex M. Lee with annotation)
  • Access to your calendar data: “Allows the app to read all calendar events stored on your phone, including those of friends or co-workers. This may allow the app to share or save your calendar data, regardless of confidentiality or sensitivity.”
(Screenshot via Rex M. Lee)
  • Access to the device’s microphone and volume control: “Allows the app to record audio with the microphone. This permission allows the app to record audio at any time without your confirmation. Allows the app to modify global audio settings, such as the volume and which speaker is used for output.”
(Screenshot via Rex M. Lee)
  • Access to the device’s camera: “Allows the app to take pictures and videos with the camera. This permission allows the app to use the camera at any time without your confirmation.”
(Screenshot via Rex M. Lee)
  • Access to email attachments and instant messages: “Allows this application to access your email attachments. Read Instant Messages.”
(Screenshot via Rex M. Lee)
  • Access to surveillance data (e.g., location data): “Allows the app to get your precise location using the Global Positioning System (GPS) or network sources, such as cell towers and Wi-Fi. These location services must be turned on and available to your device for the app to use them. Apps may use this to determine where you are, and may consume additional battery power.”
(Screenshot via Rex M. Lee)

Note that the above app permissions and product warnings are only a few of numerous permissions that support a single smartphone. Some individual apps can be supported by over 60 intrusive and exploitative permissions.

So this then begs the question: If you were enabled to read the enclosed pre-installed app permissions and product warnings prior to making your smartphone purchase, would you have purchased your smartphone?

I believe that it is illegal to hide application legalese and product warnings from consumers and businesses.

Hiding product warnings from consumers is tantamount to a cigarette company hiding the product warnings associated with cigarettes within the packaging.

Smartphones Aren’t Private or Secure

In closing, we can see that telecom-related products such as smartphones and connected products that are supported by the Android OS, Apple iOS, and Microsoft Windows OS aren’t private, secure, or safe forms of telecommunications and computing, due to uncontrollable pre-installed surveillance and data-mining technology in the form of content such as apps.

Don’t take my word for this claim: T-Mobile and Verizon told me that all products concerned aren’t private, secure or safe due to pre-installed surveillance and data mining technology developed by Google, Apple, and Microsoft, plus all relevant pre-installed content developers.

T-Mobile’s admission: “We, too, remember a time before smartphones when it was reasonable to conclude that when you activated service with T-Mobile that only T-Mobile would have access to our personal information. However, with the Samsung Galaxy Note, the iPhone, and many other devices, there are indeed a variety of parties that may collect and use information.”—T-Mobile Privacy Team (FCC Consumer Complaint #423849 filed by Rex M. Lee/Public Record)

In April, I contacted Verizon to see if I could purchase a private, secure, and safe smartphone, tablet PC, or even a traditional cellular phone. While Verizon said they could sell me a private, secure, and safe telecom-related solution, after reviewing the options, I concluded that wasn’t the case.

Verizon agreed with my conclusions that all products concerned aren’t private, secure, or safe telecom-related solutions:

Verizon’s admission: “We have reviewed your request at the highest levels of our organization and have confirmed that the only solutions to make a phone private and secure are available through third-parties, not directly from Verizon. … Additionally, Verizon is not equipped to address preinstalled solutions or applications on any device.” (July 2, 2018)

Note that pre-installed and/or third-party mobile device management (MDM) and security apps, such as Samsung Knox and IBM MaaS360, don’t protect the product user from the pre-installed surveillance and data-mining technology developed by all parties concerned.

My closing question is, how come the Federal Trade Commission, Federal Communications Commission, state attorneys general, and lawmakers haven’t protected U.S. citizens, children, and business professionals from companies that employ predatory surveillance and data-mining business practices rooted in surveillance capitalism?

This question remains unanswered. However, I will be addressing this question, as well as how to understand your rights, the harmful use of digital DNA, and the legality regarding surveillance and data-mining business practices in my next articles.

Rex M. Lee is a privacy and data security consultant and Blackops Partners analyst and researcher.

Views expressed in this article are the opinions of the author and do not necessarily reflect the views of The Epoch Times.