Privacy Took Center Stage at Mobile World Congress

Privacy has been part of the mobile security discussion for some time now. In fact, privacy and security together were highlighted as one of the top five themes at Mobile World Congress (MWC) this year.

We and many other security providers have been offering privacy tools (like our HMA Pro VPN) for a while; however, the focus and discussion around privacy was heightened this week. It was partly spurred by the Apple/FBI iPhone security dispute, but it was more robust than that single (albeit interesting) data point.

There was a great turnout both at the Putting Privacy at the Core of Digital panel and at our partner event focused on mobile security threats. At the panel there was a consensus that the “war on privacy” was reaching a boiling point. More and more users are becoming aware of the trade-offs and looking to take action. We can see this in the uptake of ad blockers, which is partly motivated by privacy, and also in numerous studies showing increased awareness.

It is well known that people will share their data in exchange for services. The issue is that not all of the sharing is known, transparent, or controllable. Services from Meeco are working to make the trade-offs more accessible to users; Telefonica labs have some interesting tools under development; and Facebook continues to build its products around core privacy principles. Given AVG’s position in the ecosystem, we often see the less desirable side of unintended sharing. While our VPN and privacy tools are a great start, we have more work to do, both in educating users and in giving them more control.

Whether or not a “personal data economy” will evolve is still an open question, but the experimentation around the idea is very healthy. I emphasized that we need to make solutions much easier for consumers and that providers need to embrace a federated and distributed structure: basically, the ability for end users to move their data and their “trust provider” at will, without a lot of friction.

At our event, titled “Mobile Threats: Fact or Fiction”, Telefonica, Verizon, TCL, and Sony presented their views of mobile security and privacy, and then we took part in a panel discussion. Network providers are in an interesting position in that they see a lot of data and also have regulatory checks and balances in place. Balancing those two, they have the opportunity to become “trust brokers” for their user bases.

Todd Simpson at Mobile World Congress

Consumer product development companies are looking to build privacy controls deeper into their products and to ensure that permissions and data flows make sense for users. Of course, with the Internet of Things (IoT) we end up with a plethora of operating systems, connectivity options, data flows, and business models. With no standardization in sight, security companies will have to develop comprehensive solutions that can address issues across many different technologies. In order to act on all of this IoT data, security solutions need to sit in the data flow. AVG’s relationships with carriers, combined with our VPN and our work on router solutions, put us in that prime position.

There is a general consensus that users will not adopt IoT as quickly if security and privacy are not addressed, and rightly so. It is a complicated problem, spanning identity, authentication, malware, permissions, and data usage. We do not yet have a good framework for looking at all of these together, but there are encouraging signs within each specific area, so better protection is in sight.

CVE-2016-2521

Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.

CVE-2016-2522

The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

CVE-2016-2523

The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

CVE-2016-2524

epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

CVE-2016-2525

epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
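The CVE-2016-2525 entry describes the failure mode (header data accumulated with no upper bound, so a crafted stream of fragments drives memory consumption) and names the fix (limit the amount of header data). The following is an added illustration of that defensive pattern in C; it is not Wireshark's packet-http2.c and does not reproduce its structures. The type `header_block`, the functions `hb_append_unbounded` / `hb_append_bounded` / `simulate_continuations`, and the cap `MAX_HEADER_BLOCK_BYTES` are all names and values constructed for this example. The accumulator stands in for the per-stream buffer into which a dissector concatenates HEADERS and CONTINUATION fragments until END_HEADERS.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed cap on accumulated header-block bytes per stream for this
 * example; a real dissector would expose such a limit as a preference. */
#define MAX_HEADER_BLOCK_BYTES 4096

enum hb_status { HB_OK = 0, HB_TOO_LARGE = 1, HB_NOMEM = 2 };

/* Per-stream accumulator (hypothetical): fragments from HEADERS and any
 * following CONTINUATION frames are appended here until END_HEADERS. */
typedef struct {
    uint8_t *buf;
    size_t   len;
    size_t   limit;
} header_block;

void hb_init(header_block *hb, size_t limit) {
    hb->buf = NULL; hb->len = 0; hb->limit = limit;
}

void hb_free(header_block *hb) {
    free(hb->buf); hb->buf = NULL; hb->len = 0;
}

/* Weak form: the buffer grows without bound. A peer that keeps sending
 * CONTINUATION fragments and never sets END_HEADERS pushes memory use up
 * until allocation fails or the process is killed. */
enum hb_status hb_append_unbounded(header_block *hb, const uint8_t *frag, size_t n) {
    uint8_t *p = realloc(hb->buf, hb->len + n);
    if (!p) return HB_NOMEM;
    memcpy(p + hb->len, frag, n);
    hb->buf = p;
    hb->len += n;
    return HB_OK;
}

/* Hardened form: reject the fragment before allocating once the running total
 * would exceed the limit. The second comparison is written as a subtraction
 * so that hb->len + n can never wrap around size_t. */
enum hb_status hb_append_bounded(header_block *hb, const uint8_t *frag, size_t n) {
    if (n > hb->limit || hb->len > hb->limit - n) return HB_TOO_LARGE;
    return hb_append_unbounded(hb, frag, n);
}

/* Feed `count` constructed all-zero fragments of `frag_len` bytes through the
 * bounded path and return how many were accepted before the cap tripped. */
size_t simulate_continuations(size_t frag_len, size_t count, size_t limit) {
    header_block hb;
    hb_init(&hb, limit);
    uint8_t *frag = calloc(frag_len, 1);
    size_t accepted = 0;
    for (size_t i = 0; i < count && frag; i++) {
        if (hb_append_bounded(&hb, frag, frag_len) != HB_OK) break;
        accepted++;
    }
    free(frag);
    hb_free(&hb);
    return accepted;
}

int main(void) {
    /* 100 fragments of 1000 bytes against a 4096-byte cap: only 4 fit. */
    size_t n = simulate_continuations(1000, 100, MAX_HEADER_BLOCK_BYTES);
    printf("accepted %zu of 100 fragments before the cap\n", n);
    return 0;
}
```

The bounded check is placed ahead of the allocation rather than after it, so the process never holds more than `limit` bytes of attacker-controlled header data per stream; a dissector that hits `HB_TOO_LARGE` would flag the stream as malformed and stop reassembling it.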