Why geolocation apps can be dangerous

ISACA today weighed in on how geolocation apps are catching on with mobile device users. The respected global IT professionals association also outlined how location-based services are posing new threats to businesses and consumers. Some 28% of U.S. adults use location-based mobile apps from Facebook, Groupon, Google and others and that number is expected to grow significantly, according to ISACA's new white paper, "Geolocation: Risk, Issues and Strategies."

Geolocation apps that pinpoint a user's physical location have opened up numerous new business models. But they also introduce unprecedented new risks, says Ernst & Young partner Marios Damianides, a past ISACA international president. When a user's gender, race, occupation and financial history are combined with geolocation tags, the data can be used by criminals to identify an individual's present or future location. This raises the potential of threats ranging from burglary and theft to stalking and kidnapping.

"As the number of geolocation users grows and the proliferation of mobile devices continues, the prospect of individual or enterprise information becoming available to hackers or other unauthorized users is a significant concern," says Damianides.

ISACA believes its recommendations are timely since regulators are moving to enact rules regarding how companies can use geolocation data from mobile devices. The organization points out that current U.S. legislation proposed by Sens. Al Franken, D-Minn., and Richard Blumenthal, D-Conn., would restrict whether companies can store individual location data obtained from mobile devices, and a proposed amendment from the U.S. Federal Trade Commission to the Children's Online Privacy Protection Act (COPPA) addresses the collection of geolocation data from children under age 13.

"We need policies that will establish 'privacy by design' to instill trust across the enterprise and guard against malicious use of location information,"says Damianides.

ISACA unveiled a five-step best practices list under the acronym ROUTE:

• Read mobile app agreements to see what information you are sharing.
• Only enable geolocation when the benefits outweigh the risks.
• Understand that others can track your current and past locations.
• Think before posting tagged photos to social-media sites.
• Embrace the technology, and educate yourself and others.

"As with all technologies, individuals and enterprises must consider their risk tolerance level," says CA Technologies' Robert Stroud, past international vice president of ISACA. "The fundamental issue at play is that many consumers are unaware of the risks. They need to educate themselves in order to make informed decisions."