Cookies and mobile technology

What Security and Privacy Concerns Do Cookies Pose in Mobile Devices?

If you’re even modestly Internet-savvy, your computer has at least one, and possibly several anti-virus, anti-spyware, or more general Internet security solutions. These may include AVG Antivirus, Norton 360, McAfee Total Protection, Kasperski Internet Security, Spybot Search and Destroy, Microsoft Security Essentials, Lavasoft Adaware, Malwarebytes, etc. Such anti-malware programs often identify tracking cookies as low-risk threats, and remove them as part of their routine post-scan actions. This doesn’t mean cookies are computer viruses. These plain text files don’t include any executable code, and don’t surreptitiously spread from one computer to another, infecting hundreds of thousands or millions of machines. Thus, cookies are not viruses, but they can be, and are used by some as spyware.

Even when cookies are used ethically, the fact that they send sensitive personal information including passwords, account numbers, social security numbers, etc. over the Internet, poses a security concern. This is especially true if you use a public wifi connection (think your local coffee shop or airport waiting lounge) to access your bank account or investment portfolio, to electronically file your tax returns, or any of a host of other sensitive operations. This is even more the case if the websites you visit don’t require browsers to encrypt cookie information before transmitting it.

On mobile networks, such malicious risks are lower than when using your laptop at a Starbucks. Wireless digital signals are more difficult to intercept and hack than unencrypted http files on an unsecure wifi network. Once unencrypted information makes it onto the wired Internet, they can still be intercepted and misused, but that risk is a small subset of the risk of public wifi hotspot traffic. One reason why the security concern is greater on mobile is that the majority of consumers fail to install anti-malware programs on their mobile devices.

As to non-malicious privacy concerns on mobile, because of their sandbox-limited access, cookies pose a lesser privacy issue than on computers. The caveat here is that the more complex environment means consumers are less likely to know they need to opt out of tracking individually on their mobile browser and on each app that accesses the Internet, and even if they know this, are less likely to implement such choices.

On the whole, if you install a good anti-malware program on your mobile device, and meticulously follow the needed procedures to opt in or out of tracking on your mobile browser and each app, cookies pose a lower security and privacy concern there than your computer. The bad news is that the technical challenges of using cookies in the mobile environment have encouraged advertisers to moving away from cookies to other, some would say more insidious, tracking solutions.