Experts Reaction On Ipsos Mori Internet Survey Could Be A Privacy Risk For UK Consumers

Bit of a different “news story” but we’ve picked up a story on Twitter that could have some worrying privacy implications for UK consumers. Ipsos MORI is sending out mail to get UK residents to take part in an “exciting new research study that looks at how people in the UK use, consume and interact with the internet.”

To take part, they’re asked to go to a website from their smartphone, computer or tablet to download the app which then asks users to allow the app to make and manage phone calls, access the location and allow it to record audio. It also requests to install a root certificate to the device. They are to do all this for an initial £20 in points and an additional £5-£10 in points per month thereafter.

Experts Comments

December 02, 2020
Christoph Hebeisen
Director, Security Intelligence Research
Lookout
The Ipsos Iris Blue app permits the operator to access all network communications of the device it is running on including content protected SSL/TLS encryption (with the exception of traffic used by apps using correctly implemented certificate pinning). In addition, the app can access all content displayed on the device screen. A user might decide for themselves that they are willing to grant a third party this level of insight though it is doubtful that many would if they fully understood all.....Read More
The Ipsos Iris Blue app permits the operator to access all network communications of the device it is running on including content protected SSL/TLS encryption (with the exception of traffic used by apps using correctly implemented certificate pinning). In addition, the app can access all content displayed on the device screen. A user might decide for themselves that they are willing to grant a third party this level of insight though it is doubtful that many would if they fully understood all the privacy implications. However, if a personal device running this app were used for work it could easily expose confidential documents and data to the operator, who has no commitment to the employer of the device's user. As a result, this app could expose both the user and possibly their employer to significant legal risk.  Read Less
December 01, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
People need to remain constantly vigilant to protect their cyber security and privacy. While it's true that most attacks against individuals will come via phishing emails, that doesn't mean they won't be approached via phone calls, SMS, or in this instance via regular mail. While the intent of the market research organisation may be genuine, the fact is that by installing the software and participating, users are rendering all of their device security useless. People should always be wary of .....Read More
People need to remain constantly vigilant to protect their cyber security and privacy. While it's true that most attacks against individuals will come via phishing emails, that doesn't mean they won't be approached via phone calls, SMS, or in this instance via regular mail. While the intent of the market research organisation may be genuine, the fact is that by installing the software and participating, users are rendering all of their device security useless. People should always be wary of anyone that asks them to install software, particularly if it involves accepting or bypassing security notifications. With this particular offer, people are incentivised by the potential of gaining £5-10 a month in points by participating. This is no different from the old methods of asking for people’s passwords in exchange for a chocolate sweet. People need to remember that their data and personal information is worth a lot more than £5 a month and should not compromise their privacy for such a trivial amount.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.