Who do I trust to store my permissions and preferences?
18 February 2014
On the way home from a very pleasant night out I noticed that my trusty Samsung Galaxy Note II was losing battery power at an alarming rate and, predictably, it didn’t last until I reached home. As well as preventing me from communicating with the usual taxi options, it also meant that my walk home was wetter due to the lack of a working torch option, essential for navigating around the copious puddles littering my unlit, unadopted road. On arrival, I plugged the charger into the device, even before removing my wet boots, and went to bed.
Sadly, in the morning the trusty Note II was no further charged and appeared to have gone the same way its Note I predecessor had gone almost exactly a year before. I set off the next day relying on a full sized iPad to stay in touch with the world until I could resolve the problem. After a lengthy chat in person, and on the device lent to me by the Hampstead Vodafone store manager, I negotiated a brand new Galaxy Note III (complete with 4G compatible tariff) to be delivered to my house the next day at no extra charge.
When the device arrived the next day (5 minutes remaining in the 5 hour delivery slot window which meant that I had inconvenienced my in-laws into ‘delivery-sitting’ for no reason – this will be another later blog entry) I eagerly got to work to get back into the connected world. The usual Samsung and Google ID processes were completed quickly but then followed a seemingly endless series of app installation requests. Each of these had a variety of permission related requests, some of which I understood the need for, though many were less obvious. Of course, just like most people, I hit ‘Accept’ after only the most perfunctory of scans. Eventually, I was back to normal and had made the Note III look just like its predecessors.
I then thought more about the whole process and wondered how it could have been made seamless and less risky for me as a customer. My old device had provided a lot of information about me and my regular usage to Google, Vodafone and others. Whilst there are obvious concerns over the inappropriate or insecure use of that information, I have nothing to hide, and value the potential advantages that this could provide in terms of targeting services effectively, as well as the recovery options that I had just benefitted from. The most useful tool was the reinstatement of my contacts details from my Google back up but I had to initiate this myself on the arrival of the device. Vodafone knew that a new Android device was replacing an old Android device and could have potentially pre-loaded it with my information. Google asked pretty much the same questions for every app that I downloaded and, although this might be required legally, they had also asked me the same questions on every previous download of the same app on different devices. I don’t like being asked the same question over and again once I have provided a reply.
This episode highlighted a few things to me. Firstly, a lot of data exists ‘somewhere’ about what I do and have done. Although I have given permission for this (often several times), it is not immediately obvious to me where all these different preferences have been stored. Secondly, it appears to be the deregulated world of Google and its app partners who are most aggressive in the capture and exploitation of my briefly attained consent. Finally, I have given this consent because I need a particular service/product/game at a particular time, rather than the more general consent for things I have yet to experience or benefit from.
I decided that I would much rather that all my consent decisions were stored in a single place, controllable by me, managed by a provider that is regulated and legally bound to protect my current and future exposure to fraudulent, irritant and inappropriate use of it. I would also like MNOs to actually interpret their regulatory brief to provide services that I will definitely benefit from by actively acquiring my consent in the same way that their less regulated OTT competitors are doing. I would even go as far as saying that a true test of their trusted status would be that I, and the majority of others, happily opt-in as the default.