Mind the Gap: Exploring Users' Unaddressed Privacy Concerns on Mobile Devices

In this interview, we will look at the personal data stored on users' smartphones and explore the challenges users face, the need for enhanced transparency, and the importance of genuine privacy solutions. 

Today I am speaking with Eran Karpen, Co-founder and CTO of Unplugged, and we'll also look at his challenges while developing a privacy-focused smartphone startup.

So, let's dive in and uncover the hidden aspects of privacy and security in the smartphone world.

Tell us about yourself and your background.

I am a father of 3 and an entrepreneur at heart. I’m a veteran of unit 8200, the elite technology intelligence unit in the IDF. I hold a BSc in computer science from the Technion University in Israel.

In 2009 I founded CommuniTake, a company focusing on mobile security solutions for governments and enterprises. I was the CTO of the company for 12 years, leading it to become a world-class leader in secure mobile solutions. Its technology is being used in healthcare, defense, and various industries. 

What are users' blind spots regarding privacy and security on their phones?

In today's world, smartphones have become essential to our lives. We store all kinds of information on our devices - financial, medical, and social data are readily available. This information is valuable, extremely so. 

For this reason, phone manufacturers and app developers are monetizing your private data. While users might believe they have control over their data and operating systems have made strides towards privacy and notifying users about the types of information collected by apps, the truth is that users don't have genuine control. 

They don't fully understand how their data is used since app terms and conditions can be confusing. Moreover, applications also use third-party libraries and advertising tools that collect your information.

Operating systems’ built-in apps are also guilty of data collection, providing even less transparency to the user about the information collected and its usage. 

The situation is becoming more concerning as your data is stored on third-party servers and exposed to employees of these companies who might misuse it or hackers who could breach these servers.

Do the current regulation and privacy policies help mitigate the problem?

Fortunately, awareness of privacy issues in recent years has led to some major regulatory attempts to mitigate the problem, such as the EU’s GDPR. GDPR requires companies to obtain user consent and be transparent about gathering and using personal data. 

However, there is still much more to be done. We all know what our user experience looks like today when it comes to granting consent—annoying pop-ups and verbose terms and conditions that no one reads, so they have no choice but to hit “Accept.”

Even with regulation, the result feels the same. Users have no clear idea of the information gathered on them and how companies use it. The difference is that now the companies have their “approval” to do so. Sometimes, it can feel more like coercion than true consent.

New laws are being introduced at the state and federal levels to protect consumers' data. For example, several states, including California, Virginia, Colorado, Connecticut, and Utah, have introduced or updated data privacy laws that will come into effect in 2023. 

Moreover, the American Data Privacy and Protection Act (ADPPA) has been proposed at the federal level, which could eventually standardize data privacy laws across states. 

What can be done better?

Phone manufacturers and app developers need to enhance transparency regarding collecting, using, and sharing user data. Until recently, applications could automatically share the user's ad identifier with other apps. 

However, Apple and Google have changed this default setting, requiring the user's consent to share the ad identifier. While many people assume that their data is not shared without their consent, they often overlook that this restriction does not apply to the operating system developers, namely Apple and Google. 

These companies are more motivated to collect exclusive data they can access. True privacy can only be achieved when operating systems offer comprehensive and reliable control over the collected and shared data. Unfortunately, this objective contradicts their business aspirations.

Tell us about Unplugged and why you decided to create the company.

Unplugged provides an extensive and secure smartphone solution to protect users from hacking and maintain control over their data. Our comprehensive approach ensures protection across the hardware, software, and network layers. 

The hardware component comprises your smartphone, the software encompasses the operating system and apps you use, and the network covers your cellular network provider and your connection to the network.

With the UP Suite, we offer an application suite with diverse tools to safeguard your day-to-day online activities and communications. Furthermore, we are currently in the final stages of developing our UP Phone smartphone.

As a mobile security expert, I have witnessed firsthand the vulnerability of personal data and understand the necessary measures to safeguard it. In today's world, every individual deserves the right to privacy, and my mission is to provide genuine privacy solutions to all consumers. 

Regrettably, current smartphones lack sufficient security and privacy measures by design, placing consumers in a predicament where their options are limited unless they possess technical expertise or are willing to sacrifice convenience. 

Moreover, consumers are increasingly aware that so-called "free" apps come at a significant cost in terms of compromising their personal data. Unfortunately, there are very few alternatives available for non-expert users. 

That's why we offer an all-in-one suite, available through a subscription, that provides comprehensive solutions to address these concerns.

What have you learned from founding Communitake, and how do you implement it at Unplugged?

As a founder of Communitake, I’ve learned that building a strong team is crucial from day one. I have also learned to draw inspiration and learn from others who walked a similar path. 

The learning curve of a startup can be painful and costly, so insights from experienced advisors are welcome. Unplugged is blessed by its active advisory board, including members who founded and successfully sold their privacy-focused businesses.

Why develop a phone from scratch?

Vulnerabilities in mobile smartphones can be classified into software and hardware aspects, both of which necessitate comprehensive control to ensure optimal protection. 

At the hardware level, it is essential to maintain oversight over all phone components and mitigate potential risks, including those associated with their country of origin. 

Concurrently, developing an independent operating system becomes imperative on the software level to guarantee genuine security and privacy, independent of any reliance on Apple and Google. This approach stands as the sole viable solution.

What are the challenges and benefits of developing both hardware and software?

As a young company, designing a phone from scratch is challenging, but we can have full control over the hardware and add features that don’t exist on other phones, such as our kill switch. 

It is a switch that physically disconnects the battery from the phone, ensuring it is completely turned off. Surprisingly, only a few realize that all popular smartphones today are still actively transmitting data, even while turned off.

From a software perspective, the main challenge is to bring a phone that is not only private and secure but usable. There were some attempts to make such phones in the past, but they all had a common failure: the user experience. We are giving a lot of attention to this part.

How is Unplugged doing right now, and what is its plan for future growth?

These are exciting times here at Unplugged. Our UP App Suite is already up and running, available on our website and in the app stores. The Suite includes a VPN, encrypted Messenger, Antivirus, and the UP application store.

I am especially excited that the first phone prototypes are coming out of the factory. I look forward to showing the device to our community first and then to the general public.

We are currently in advanced conversation with investors that will boost our production capabilities, so we can meet the positively overwhelming demand we are experiencing and deliver the UP phone to anyone who values privacy and security.

In the future, we plan to roll out more applications to join the app suite, to deliver an even more comprehensive surveillance-free experience, such as our proprietary secure browser, email service, storage service, and more.