SUMMARY OF SMARTPHONE PRIVACY INITIATIVE

Transcription

1 SUMMARY OF SMARTPHONE PRIVACY INITIATIVE -INNOVATION FOR A NEW ERA THROUGH PROPER HANDLING OF USER INFORMATION AND ENHANCED LITERACY- November 2, 2012 Kuniko Ogawa Director, Telecommunications Consumer Policy Division Telecommunications Bureau Ministry of Internal Affairs and Communications (MIC), JAPAN

2 Contents 1 Trends in the diffusion of the Smartphone 2 User information in the Smartphone 3 Outlines of Smartphone Privacy Initiative 4 Enhancing user literacy: Smartphone privacy guide

3 1 Trends in the diffusion of the Smartphone

4 Characteristics of smartphones 3 Smartphones are advanced function mobile phones supposed to be connected to the Internet. It is common that users of smartphones install applications without restrictions they want to use. In variety sides, smartphones have different characteristics from Feature phones. Advanced Telephone information processing function function mobility Feature phone mobile phone near to PC PC By installing applications, able to use variety services and customize the function as user like Able to browse websites for PC on a big screen with touch panel control instinctively Able to connect to the Internet through wireless-lan and WiMAX as well as mobile phone network Smartphone Variety applications and services are spread by platform operators, application developers etc. as well as mobile phone operators

5 Changes in and forecast of the number of domestic smartphone shipments 4 Smartphones are continuing to make up a rapidly growing percentage of the mobile phones shipped in Japan, and are expected to reach nearly 70% in FY * Survey conducted by MM Laboratories (values from FY 2011 onwards are estimated). ( Recorded and projected numbers of smartphones shipped annually (as of July 2011) (7th July 2011) and Smartphone terminals shipped in Japan in the first half of FY 2011 (27th October 2011))

6 Ratio change and estimate of the number of smartphone contracts in Japan 5 (10,000 contracts) 12,000 10,000 10,292 8,000 10,527 number of SP contracts 10,912 11,239 number of FP contracts 11,542 7,629 11,815 12,068 6,691 SP contract ratio 5, % 12,310 5, % 100.0% 90.0% 80.0% 70.0% 60.0% 8, % 50.0% 6,000 10,172 10,212 9, % 40.0% 4,000 2, % 6,137 7, % 5,124 3, % 3.0% 2, FY2008 FY2009 FY2010 FY2011 FY2012 FY2013 FY2014 FY % 20.0% 10.0% 0.0% * Survey conducted by MM Laboratories (values from FY 2011 onwards are estimated). ( Recorded and projected numbers of smartphones shipped annually (as of July 2011) (7th July 2011) and Smartphone terminals shipped in Japan in the first half of FY 2011 (27th October 2011))

7 Change in mobile communications via smartphones 6 Smartphone realize greater utilization of mobile communications, compared with featured-phone. The average length of user s internet connection via smartphones became longer, and user s activities in the internet and shopping, and/or even user s lifestyle may be gradually affected. Use of SNS Anywhere, anyplace connection to SNS via smartphone Always connected Always connected to the network, and able to use network services seamlessly through applications Access for cloud service Automatically synchronize data of smartphone and cloud Various types of application User can download and use more than hundreds of thousands of applications via market Link to PC and consumer electronics able to operate TV, air conditioner using smartphones Free voice communications Free voice communication through communications apps using IP networks

8 2 User information in the Smartphone

9 User Information on Smartphones 8 Users carry smartphones under the condition that they are always turned on and connected to the network. Therefore, they have a stronger connection to users than PCs and it is possible to acquire and accumulate a variety of information, such as action history and call logs of users. Data managed by phone numbers and address books, accurate location data by GPS, etc. Principal user information on smartphones A B C 5678 Call logs Location data Contractspecific ID Contact data Smartphone Information on images and pictures History of Internet browsing History of SNS usage Information on use of apps Information on use of games Information of search for stores Purchasing History

10 Structure of Smartphone Services 9 As for smartphones, a variety of business operators with different roles offer services in each layer of services. On the other hand, as for traditional mobile phones, mobile phone carriers offer all services from infrastructure to contents. Business operators which provide the operating system (OS) equipped with smartphones usually operate sites for providing applications and have an influence on each layer, such as the development of devices, use of communication networks, provision of applications, charging/authorization, etc. It is pointed out that an application developer gains certain compensation for the incorporation of information collection modules provided by an advertisement delivery business operator into applications and that user information may be transmitted to information collection business operators through information collection modules. Provision of individual apps Examples of the parties related to user information on smartphones Contents service layer Platform layer Provision of places where apps can be provided to users Network layer Mobile terminal layer User Apps providers & individuals Website operators for apps distribution OS providers Mobile telecommunicat ions carriers Mobile terminal providers App. Sites Browsing WiFi WiMAX App. Application provision sites of device manufacturers App. Application provision sites of mobile telecommunications carriers Smartphone App. Application provision sites of OS providers 3G network App. Application provision sites of contents business operators Downloading apps Provision of information collection modules Advertise ment Ad. Service providers Information collection providers User Information Advertise ment Advertiser

11 Acquisition of User Information on Smartphones: Restrictions by Operating System 10 App Store Google Play Windows Phone Marketplace Operated by Apple Inc. Google Inc. Microsoft Corporation Examinations and policies related to the posting of applications Preliminary examinations by Apple Inc.; Apps shall not transmit information on users without obtaining the preliminary permission of users and providing information on where and how data will be used. Agreement concluded with app developer (Developer Distribution Agreement) and self-examination of persons who post apps; Application developers shall consent to protect the privacy and legal rights of users (it is necessary to send appropriate notices and provide protection based on laws) Preliminary examinations by Microsoft Corporation; Apps may acquire only limited information and it is necessary to obtain the preliminary permission of users concerning the purpose of use and contents of transmitted data. Number of Apps 585,000 (As of March 7, 2012) 450,000 (As of March 7, 2012) Over 64,000 (As of February 27, 2012) Market from which apps may be downloaded to each device Only App Store Default market is Google Play (approval of users is required for download from other channels). However, customizing is allowed at the discretion of mobile telecommunications carriers. Only Windows Phone Marketplace Example of the actual screen that asks whether users allow apps to get access to their information

12 Awareness of users concerning the use of applications 11 76% of users feel some sort of anxiety at the use of applications Main reasons for their anxiety are related to performance of devices such as influence on consumption rate of battery and influence on operation speed of device. 30% of users feel anxiety at the acquisition of user information and virus infection Anxiety at the use of applications Have you ever felt any anxiety when you use applications downloaded to your smartphone? If so, what kind of anxiety have you felt (multiple answers if you have felt any anxiety) The operation of my smart phone becomes slow I am afraid that the battery dies quickly I am afraid that various information is acquired from my smartphone 29.2 I am afraid that my smartphone would be infected with virus I am afraid that there is not enough support system when I use applications I have other types of anxiety I have never felt anxiety (Note) MIC survey conducted in February 2012 (number of valid responses: 1,576, smartphone users are target and extracted by OS, age and gender. Cooperated by Japan Research Institute, Limited and NTT Resonant Inc.)

13 3 Outlines of Smartphone Privacy Initiative

14 Study Group on Consumer Issues with ICT Services 13 Especially taking into account the consumer s perspective, the Study Group on Consumer Issues with ICT Services has been held among relevant parties since April for the purpose of addressing a variety of issues that accompany the rapid deployment of the Internet and mobile phones as well as concrete measures responding to them (the 1 st Proposal was released in August 2009 and the 2 nd Proposal was in May 2010). Since September 2010, 4 Working Groups had been set up under the Study Group and each Working Group compiled a proposal and made it public by December In January 2012, the Working Group on User Information Sent Through Smartphones was set up and discussions have been undertaken since then. Members Masao Horibe (Chair) Professor Emeritus at Hitotsubashi University, Jin Aida (Acting Chair) Professor at School of Engineering, University of Tokyo Other members include academics, lawyer, consumer groups, industry groups, and research institutes Working Group on User Information Sent Through Smartphones User information is collected through applications and stored in the smartphone, and it is used in a variety of forms by smartphone applications. It is reported that some applications transmit user information to a third party without notification. It is often the case that users are not well informed of such situation and do not recognize how their information is handled. It is essential that user information on smartphones are used in a safe and secure manner and in the way that it leads to the provision of services of high convenience. For this purpose, the WG aims at understanding the current situation and challenges as well as those of other countries and at addressing necessary measures regarding the proper handling of user information. Members and Observers Members: Fumio Shimpo (Chair) Associate Professor at Faculty of Policy Management, Keio University Ryoji Mori (Vice Chair), Lawyer at Cyber Law Japan Eichi Law Offices Other members include academics in the fields of constitutional law and privacy, consumer groups and research institutes * relevant business operators and industry groups participated in the meetings as an observer. Schedule The WG was set up in January 2012; the interim report was compiled in April; the final report was compiled in August.

15 Key Points of Smartphone Privacy Initiative 14 Rapid Growth of Smartphone Use In FY2011, the domestic shipments of smartphones reached million units (i.e., about 57% of the total shipments of mobile phone terminals) and at the end of the business year 2011, the penetration rate for households tripled from a year ago; approximately 30% of all households use at least one smartphone. Access to User Information in Smartphone Terminals through Applications (Apps) Various user information, such as action history and a call log, is stored in smartphone terminals. Apps sometimes access such information and transmit it to a third party without notification. In such cases, the purpose of collecting user information is not usually clear. As many apps acquire and use user information without providing a sufficient explanation, anxiety among users is mounting. Compiling the draft of the Smartphone Privacy Initiative It aims for a long- and medium-term development of the smartphone market by promoting the proper handling of user information and enhancing relevant literacy. It puts forward the following comprehensive countermeasures for privacy protection on smartphones in order for users to be able to use the service in a safe and secure environment: i) Proposing the Guideline for Handling Smartphone User Information to a wide range of business actors including apps providers, data collection module providers, website operators for apps distribution, OS providers, and mobile careers; ii) Proposing measures for effective implementation of the Guideline, which includes building a mechanism for verifying apps by a third party institution; iii) Sharing information and raising public awareness in order to improve user literacy; and iv) Promoting international cooperation

16 Current Situation Surrounding Information Collection by Apps and its Purposes 15 Purposes for collection of user information by applications are often indicated as the provision and improvement of services and display of advertisement in accordance with taste of users. However, it is not always clear how information is utilized. Current Situation Surrounding Information Collection by Apps Survey by KDDI R&D Laboratories Analysis of 980 applications selected in August (56.9%) applications have information collection modules* *A set of programs which have the function of collecting information accumulated in smartphones. Provided by advertisement delivery business operators and incorporated by application creators into applications. As for the permission on Android devices, device ID and location data (GPS) is required in 57.9% and 26.4%, respectively. Analysis of operation of 400 applications in December 2011 to January applications transmitted ID (for examples, Android ID, IMEI, IMSI, etc.) and location data to the outside Among them, 167 applications do not have a process of the authorization for use, and the transmission of information to the outside is not fully explained. Purposes of Collecting User Information and its Actual Usage The following are possible purposes for collecting user information collected by apps 1) Apps use collected information for the purpose of providing own service services (in many cases, users are able to use highly-convenient services without inputting user information due to the collected and stored information) 2) App providers use collected information for future service development and market research 3) Information collection service providers collect user information such as location data or smartphone-associated IDs (Android ID, subscriber ID, IMEI, IMSI, etc.) and use it for advertisement services or market research purposes. 4) User information is acquired for future use, although the purpose is not clear at the point in time for information collection.

17 Structure of the Guideline for Handling Smartphone User Information 16 Anxiety of users regarding user information should be eliminated voluntarily by responsible business actors. The Guideline provides the principles to which a variety of different stakeholders (including app providers who do not take part in the industry associations) can refer to. Taking into account the status quo of the industry, the industry is encouraged to make their industry-specific guidelines by enriching and further developing the principles proposed in the Guideline. General 1. Fundamental 1 Ensuring Transparency 4 Ensuring Proper management of User Information Provisions Principles 2 Securing the Opportunity of User Participation 5 Properly Handling Complaints and Requests for Advice 2. Target 3 Ensuring Data Collection through Proper Means 6 Privacy by Design 3. Definition Speicific Issues 1 Measures Undertaken by User Information Acquirers (e.g., Apps provider, information collection modules providers, advertisement delivery service providers) (1) Making Privacy Policy A privacy policy including the following items should be created for each app and each information collecting module. Such privacy policy should be easily understandable and a simplified version should also be made available. (Items to be included) 1 Name of the apps provider who acquires personal information; 2 Details of the personal information to be acquired; 3 How to acquire such personal information; 4 Specifying and explicitly explaining the purpose of acquiring personal information *1 User consent: User consent must be obtained, especially in the case of high-level privacy information (e.g., contact list, location information, and communication logs). *2 User participation: how to stop apps acquiring user information should be clearly explained. (2) Proper Management of User Information Measures should be taken to detour user information from leakage, loss, and damage. 5 How to notify and disclose privacy policy, and acquire user consent, and how the user participates are ensured*1, 2; 6 Whether or not the acquired information is to be transmitted to the third party; whether or not it is transmitted to information collecting module providers; 7 Contact point for queries; and 8 Procedure for changing privacy policy (3) Special Instructions regarding Information Collection Module Providers Notification should be sent to apps providers regarding (i) Details of personal information to be acquired, (ii) purpose of acquiring it and (iii) whether the information is to be provided to the third party or not. 2 Measures Undertaken by Other Relevant Business Actors (1) Mobile network operators and mobile terminal providers encourage apps providers to properly handle personal information; they are encouraged to set up a contact point for user query and be involved in awareness raising activities. (2) Website operators for apps distribution and OS providers: Similar to the above, they are encouraged to provide sufficient explanation when OS is required to provide permission for personal information to be acquired and transmitted externally. (3) Other relevant operators: the website that makes recommendations for a wide range of apps is a good source of information.

18 Guideline for Handling Smartphone User Information: Fundamental Principles 17 1 General Provisions To develop an environment in which users can use smartphones and services provided through them in a safe and secure manner, all the relevant business players are required to appropriately handle user information, thereby securing users trust in the provided services. (e.g. Providing sufficient explanation to users and ensuring transparency of services; ensuring substantive opportunities for user participation) Fundamental Principles 1. Ensuring Transparency Users should be notified of the details of the target information, its utilization and opportunities for user participation in case personal information is collected. Otherwise such details should be placed where that they are easily noticeable. In case of notifying users of the collection of their personal information, announcing it or acquiring consent from users, such notification, announcement and acquisition should be conducted in an easily recognizable and understandable manner. 2. Securing Opportunities of User Participation Relevant businesses operators should notify or disclose necessary details in case of collecting personal information (e.g., information to be collected, purpose of information usage, and a range of information that is to be provided to the third party). Users should be able to know how to stop personal data being collected and how to get involved in the process. 3. Ensuring Personal Data Collection by Proper Means Relevant businesses acquire target personal information by proper acceptable means. 4. Ensuring Proper Management of User Information Relevant businesses take necessary and proper measures in order to prevent targeted personal information from leaking, being lost or damaged, etc. 5. Properly Handling Complaints and Request for Advice Relevant businesses are required to respond to complaints and requests for advice regarding personal information. 6. Privacy by Design When designing new apps and services, relevant businesses should take into account how personal information should be handled and ensure personal information and privacy be protected and respected. They should well recognize the protection of personal information and privacy needs to be enhanced. From the users perspective, apps and services should be designed and developed in a user-friendly manner.

19 Guideline for Handling Smartphone User Information: Specific Issues (1) 18 2 Specific Issues (1): Measures undertaken by Apps Providers, Information Collection Module Providers etc. 1. Creation of privacy policy The privacy policy that indicates the provisions below should be created, and displayed or hyper-lined in a easily recognizable and referable manner. (A simplified, summarized version should better be created and posted on smartphone screens. 1) Names of apps providers who acquire personal information: Indicate names and contact details, etc. of apps providers. 2) Details of the personal information to be acquired: List items and contents of acquired user information. 3) How to acquire personal information: Indicate whether personal information is acquired by users input or whether apps automatically collect personal information stored in smartphones. 4) Specifying and explicitly explaining the purpose of information usage Indicate whether user information is used for the purpose of service provision or for other purposes. In particular, if the information is used for advertisement or marketing purposes, it should be explicitly noted as such. 5) How to notify or disclose privacy policy, how to acquire user consent, and the way of user participation Indicate how to access the privacy policy, from whom the consent for personal data collection is to be obtained, and when the consent is to be obtained, etc. Also indicate the way of user participation and how users can stop their information being used. 6) Whether personal information is to be transmitted to an external third party and whether information collection modules are installed Indicate whether personal information is to be transmitted to a third party. Also indicate whether information collection modules are installed. 7) Contact for user query Indicate a telephone number, address, etc. for user queries. 8) Procedure for changing privacy policy Indicate how to announce changes in the privacy policy (another consent is required if the range of the personal information that was agreed to be collected is changed). 2. Proper management of user information 3. Special notes on information collection module providers Notify apps providers regarding the items and purposes, etc. of the personal information to be acquired. 4. Special note on advertisement delivery services providers Notes on how to behave as apps providers or information collection module providers.

20 Guideline for Handling Smartphone User Information: Specific Issues (2) 2 Specific Issues (2): Measures undertaken by other relevant businesses 19 1 Mobile telecommunications carriers (mobile terminal providers) Announce what users should know through existing channels when selling smartphones. (e.g., difference between classic mobile phones and smartphones, warnings about security and privacy, etc.) Websites on which mobile telecommunications carriers provide apps Urge apps providers to make and publicize proper privacy policies. Support apps providers by providing available resources for making their privacy policies public and raising their awareness about privacy protection. Set up a contact for user queries as well as consider how to respond to the cases in which apps collect personal information without sufficient explanation or in an inappropriate manner. Consider better design of services provided through smartphones depending on user literacy as well as address better awareness-raising measures in cooperation with mobile terminal providers. 2 Website operators for apps distribution and OS providers Urge apps providers to make and publicize proper privacy policies. Support apps providers by providing available resources for making their privacy policies public and raising their awareness about privacy protection. Set up a contact point for user queries as well as consider how to respond to the cases in which apps collect personal information without sufficient explanation or in an inappropriate manner. Constantly provide users with sufficient explanation when OS asks permission for personal information collection. (When special attention needs to be paid depending on the purpose of data collection, operators should consider necessary measures for users to be able to use the apps distribution website in a safer environment.) 3 Other relevant business actors Users sometimes make use of websites that provide them with recommendations on good apps. Such websites are a good source for users to decide which apps to select. Those who operate such websites should consider posting the summary of their privacy policies and address how to respond in case they have found apps whose way of collecting personal information or explaining about such data collection is inappropriate. They are expected to cooperate with other stakeholders with their eyes on the principles articulated in the Guideline.

21 Measures for Effective Implementation of the Guideline 20 Relevant operators are encouraged not only to act properly with reference to the Guideline for Handling Smartphone User Information but to take the following measures for better and more effective implementation. Creating industry-specific guidelines Implementation of the Guideline for Handling Smartphone User Information Creating the mechanism for verifying apps through a third-party institution Information sharing about apps developers through the websites operated by apps distributors Considering better display depending on the size of smartphone screens Follow-up measures - Follow-up and announcement of the progress regarding the measures undertaken by relevant business actors - Follow-up about the progress of the measures relevant business actors have undertaken in order to implement the Guideline at the meetings of the Study Group on Consumer Issues with ICT Services or other venues - Flexible response to new technology and services

22 Promotion of the development of industry-led guidelines and cooperation among relevant industries In order to develop a safe and secure environment for users to use smartphones, it is essential for relevant actors to undertake measures suggested in Smartphone Privacy Initiative, including developing a privacy policy for each application or information collecting module and Guideline for Handling Smartphone User Information. It is therefore important for relevant industry groups to make a model privacy policy and industry-led guidelines that define how to install safety and security measures for the protection of user information by taking into account the actual situation of each industry. Hereby the council is set up to promote the information exchange and cooperation among relevant industries. Smartphone Privacy and Security Council (SPSC) Planned activities Exchanging information and understanding the current status regarding model privacy policies and industry-led guidelines that are discussed in relevant industries Sharing challenges in undertaking the measures based on the Guideline for Smartphone User Information and providing necessary support, as well as promoting cooperation among industries Members Members: Industry groups that are planning to address and develop industry-specific guidelines for privacy on smartphones, industry groups and organisations that are related to handling user information on smartphones Academics (Dr. Fumio Shimpo, Associate Professor at Faculty of Policy Management, Keio University, Mr. Ryoji Mori, Lawyer at Cyber Law Japan Eichi Law Offices) Observers: Relevant Ministries (Ministry of Internal Affairs and Communications, Ministry of Economy, Trade and Industry, Consumer Affairs Agency) Relevant operators (mobile telecom carriers, advertising agencies, operators of application review websites, etc.) Schedule (tentative) October 4, 2012 First meeting of the Council December Consolidating the current status and measures of each industry

23 Promotion of International Collaboration 22 Privacy issues needs to be tackled globally in cooperation with a variety of business and governmental actors because apps and platforms for smartphones are developed and supplied globally. In order to effectively assure effective handling of user information, international cooperation is essential. 1.Promotion of bilateral and multilateral cooperation Collaboration with: U.S.: U.S.- Japan Business Dialogue on the Internet Economy etc. EU Countries: bilateral policy dialogues, etc. Contribution to multilateral frameworks such as OECD Sharing fundamental awareness about the issue, sharing each other s experiences and best practices, and globally harmonizing codes of conduct for relevant business players 2.Awareness-raising and information sharing through international organizations Making use of workshops and symposiums held at ITU, APT, APEC, etc. Sharing challenges concerning privacy as well as best practices. Policy coordination among different countries and international standardization 3.Promotion of international cooperation with private organizations Promoting corporation with private organizations in order to tackle concerns about privacy with a view to enhance child protection Sharing challenges and best practices 4.Putting forward Japan s Smartphone Privacy Initiative Translating relevant domestic proposals into English and sharing them with other countries Cooperating as early as at the policy-making stage and internationally harmonizing codes of conduct for relevant operators

24 4 Enhancing user literacy: Smartphone privacy guide

25 Information Sharing and Awareness Raising for Users 24 Smartphones should be accessible and easily usable for a wide audience, ranging from children to the elderly. It is necessary for relevant actors to provide and share necessary information and to raise user literacy Fundamental Principles Who Whom apps providers, information collection module providers, OS providers, website operators for apps distribution, mobile telecommunications carriers, mobile terminal providers and advertisement delivery services providers, etc. users, including children and the elderly Operators side Apps providers, information collection module providers Providing privacy policies that are written in a simple and understandable manner Mobile telecommunications carriers, etc. Explaining the details of the necessary information in an easily understandable manner Examples Website operators for apps distribution and OS providers Awareness raising for apps providers, providing easily recognizable measures, such as pop-ups Security Vendor Warnings about apps that contain Malware, etc. Industry Organizations Creating awareness-raising materials written in a better and simpler manner, posting necessary information on HPs, and dispatching lecturers to consumer organizations How What in an easily understandable and simple manner features and service structure of smartphones, better handling of personal information, information sharing for better security environment for children and the elderly User side Consumer Organizations, etc. Dispatching lecturers to enhance consumer awareness, signaling warnings about free apps Schools and parents Sharing relevant information through lectures and other gatherings Government Making public the policy package of the Promotion Program for Safe and Secure Use of Smartphones Awareness-raising in cooperation with local governments, schools, parents, relevant industries and organizations Follow-up on a regular basis and respond to challenges properly

26 Promotion Program for Safe and Secure Use of Smartphones 25 In the midst of the rapid spread of smartphones, the MIC will comprehensively promote the following measures to promote the provision of necessary information to users, have related parties appropriately address problems related to privacy and information security, and develop an environment where users can use smartphones safely and securely (announced in September 2012.) 1 Nationwide expansion of comprehensive and concentrated awareness raising activities about smartphones (1) Nationwide expansion of comprehensive and concentrated public awareness activities in collaboration with relevant business operators, consumers organizations and PTAs etc. Information to be provided: basic matters on smartphones, matters on privacy, measures for information security, and matters to be known by youths, guardians and the elderly. Concrete efforts: (ⅰ) development and use of understandable tools for awareness raising activities (ⅱ) comprehensive awareness raising activities through the use of various media (2) Implementation of intensive awareness raising activities especially for high school students, where smartphones have rapidly spread. (ⅰ) Intensive awareness raising activities in collaboration with high school PTA etc. (ⅱ) Support for building frameworks in local communities which promote awareness raising activities 2 Support for development of a safe and secure environment by business operators relating to smartphones Relevant operators will make efforts to address the issues clarified by the investigation results so that an environment for safe and secure use of the Internet is developed. (1) Promotion of adopting measures by relevant business operators Support for creation of models of industrial guidelines or privacy policies in accordance with Guidelines for Handling Smartphone User Information by relevant business-operators and organizations. Approach to operators of application providing sites, etc. by relevant organizations, and necessary cooperation for provision of information to vocational schools, etc. that handle development of applications. (2) Cooperation to investigation of application verification mechanism by a third parties. 3 Development of a safe and secure environment for young people and the elderly Promote development of a necessary environment because smartphones are rapidly spreading among the elderly as well as young people (1) Development of an environment for the use of young people 1 Improvement of filtering for smartphones 2Creation and use of ILAS (2) Development of an environment for the use of the elderly 1Promotion of careful provision of basic information on a contract 2 Support of awareness raising activities for the elderly

27 Smartphone Privacy Guide (ⅰ) 26 Although user information on smartphone should be handled properly by related business operators, using smartphone requires self-responsibility in some aspects. It has be compiled that the matters of which users themselves should take note so that users are able to use smartphone with a certain sense of security even at this time. 1 Please understand a service structure over smartphone Services related to smartphone are not only provided by mobile phone carriers. A number of business operators such as application providers and operators of application provider sites play own roles and provide services. Smartphone enable you to choose to download and use various applications. Some free applications make profits by gaining advertising revenues, etc. from advertisers. In this case, user information may be transmitted to business operators of information collection and advertisement delivery through a program called information collection module incorporated in applications. Contents service layer Platform layer Apps providers & individuals Website operators for apps distribution OS providers Structure of Smartphone Services App. Sites Browsing App. Application provision sites of device manufacturers App. Application provision sites of mobile telecommunications carriers App. Application provision sites of OS providers App. Application provision sites of contents business operators Provision of information collection modules Advertise ment Ad. Service providers Advertise ment Information collection providers Advertiser Network layer Mobile terminal layer Mobile telecommunicat ions carriers Mobile terminal providers WiFi WiMAX Smartphone 3G network Downloading apps User Information User

28 Smartphone Privacy Guide (ⅱ) 27 2 Please obtain information on reliability of applications by yourself and try to understand it Smartphone accumulate various user information such as contact lists including phone numbers and mail addresses, call logs, website browsing history, application usage history, location information, photos and motion pictures, etc.. If you install any application in your smartphone, such information may be utilized for providing services, transmitted to advertisement delivery business operators, etc. or used for displaying advertisement according to your interests and taste. If you have any anxiety over privacy as for user information may be collected, transmitted and used, you need to obtain information on reliability of the application by yourself and try to understand it. You are able to refer to evaluation sites and user comments on application provider sites. It is important to avoid using the application if you have any anxiety about privacy. You can use application provider sites which mobile phone carriers or terminal venders has confirm safety of applications as necessary. Principal user information on smartphones A B C 5678 Call logs Location data Contractspecific ID Contact data Smartphone Information on images and pictures History of Internet browsing History of SNS usage Information on use of apps Information on use of games Information of search for stores Purchasing History

29 Smartphone Privacy Guide (ⅲ) 28 3 Please confirm a screen of authorization for use user information To confirm reliability of applications, it is beneficial to know what for user information is collected and whether or not user information is collected more than necessary. A screen asking your authorization for use of user information may appear when you download or use (activate) an application. In other cases, terms of use or privacy policy of the application have been prescribed and publicized. Please try to check the range of user information collected in the screen of authorization for use or terms of use and consent and use after you understand the content. Example of the actual screen that asks whether users allow apps to get access to their information <iphone> Introduction page of individual application <Android OS> Confirmation of permissions the application use Start in install the applications A detail of the permissions (Ex.:Telephone/Call) Scroll below This area for explanation about the application is filled in by the application developer freely.

30 Three Recommended Actions for Smartphone Information Security 29 Three Recommended Actions for Smartphone Information Security ~ Minimum information security measures to be taken by users ~ 1) Update the OS Smartphones require OS update. Using older OS will increase a risk of virus infection. Install updates in your smartphone when you receive a notification. 2) Check whether your smartphone needs anti-virus software Applications containing virus have been discovered. Mobile phone operators and other related operators provide anti-virus software for each smartphone model. Consult with these operators for using anti-virus software. 3) Download applications with caution There have been cases where applications containing virus are found at application markets that do not fully screen applications. Use the application markets where OS providers and mobile phone operators conduct safety examination. Pay attention to functions and terms of use of when installing applications

31 Public Relations on safe and secure use of Smartphone MIC NEWS April 2012) Public Relations Office(GOJ) Smartphone Information Security MIC NEWS June 2012) Public Relations Office(GOJ) Smartphone Information Security Telecommunications Services Q&A (Information for Consumer) 30

32