So many people use mobile apps that they have become a normal part of our lives. As the use of mobile devices, especially smartphones, grew, so did the use of mobile apps that help with different things.
From simple things such as calculators, notepads, and alarm clocks to more complex tasks, such as mobile banking, language learning, and online shopping, there is a mobile app that you can use. This is why people install, on average, between 60 to 90 apps on their phones.
But how safe are these apps, and what kind of information do they get from me? This article will discuss how an app tracks user data, what kind of data they track and collect, and what they do with the information they get from users.
- The University Of Oxford Study Reveals Data Tracking And Sharing By Apps
- Personal Information Accessed By Mobile Apps
- Privacy Policies Does Not Cover Everything
- Avoid Giving Unnecessary Permissions
- Checking What Apps Use Data From Your Facebook Account
The University Of Oxford Study Reveals Data Tracking And Sharing By Apps
I read about a 2018 study conducted by researchers from the University of Oxford into almost one million free Android apps that showed that most of these apps contain utilities that enable them to track and send data about users. They found that nearly 90% of the apps send data back to Google.
According to the study, these utilities are placed within the app for various reasons, including monitoring app use and displaying ads. The researchers said that depending on app permissions; these utilities can gain access to information about things like contact lists or location history.
Lead researcher Reuben Binns explained that the switch by most apps towards the freemium model, in which developers and publishers make revenue from ads instead of sales, has caused data sharing to go beyond control.
Data Flow Becoming Uncontrollable
Binns also said that users, regulators, and even app developers and advertisers themselves might sometimes be unaware of how much data flows from the mobile devices to digital advertising groups, data brokers, and intermediaries who buy, sell and blend these user data.
He argued the business model has gone from a legitimate one to something completely out of control and caused the mobile app industry to become chaotic, and users are unable to understand the process, and they are the people most affected by what’s happening.
Personal Information Accessed By Mobile Apps
I also read about a Symantec study that examined what kind of information apps collect and share from their users. In most cases, the company found that the user’s consent is required to share information and grant device permissions to data that is usually related to the app’s function.
Out of the 100 top apps on Google Play and iTunes, the analysis discovered that email addresses are the most commonly shared personally identifiable information (PII) by Android and iOS apps, at 44% and 48%, respectively.
The next most commonly accessed PII is the username (or full name in some cases), followed by phone numbers and addresses. However, it was noted that some apps allow users to log in using social media accounts, which meant that more PII could have been collected.
Risky Permissions Granted To Some Mobile Apps
Symantec pointed out that it is normal for some apps to seek permission to access certain features on a user’s mobile device, such as driving apps seeking access to location services and photo apps needing access to the camera. However, there are some permissions that may be considered risky.
The analysis revealed that the most requested risky permission by the top apps is camera access, location tracking, audio recording, reading SMS messages, and reading phone call logs. While these permissions are considered risky, it doesn’t mean that they shouldn’t be allowed.
Since these permissions are normally required due to a specific reason and function, I can advise you to be vigilant in granting them by asking yourself if the app really needs permission to function correctly.
Privacy Policies Does Not Cover Everything
While app developers implement privacy policies that are made to protect user data, keeping track of what I, as a user, agree to is a difficult task because of certain factors. Some apps that are considered self-contained may still need additional apps or third-party providers to function correctly.
These third-party apps may also be required to provide additional functionality to the base apps, such as installing themes or adding levels to a game. These third-party apps are not usually covered by the privacy policy of the original app you’re installing, and most apps will place a disclaimer about them.
Like with permissions, it is important to be aware of third-party apps and services linked to the app you are installing.
Poor Security Measures
Aside from privacy policies, Symantec also discovered in its study that even with the top apps on both platforms, some have poor security and privacy practices. Surprisingly, 4% of Android apps and 3% of iOS apps don’t even have a privacy policy in place.
Out of the top mobile apps from both platforms, only a small percentage implement certificate pinning whenever a user logs in. Certificate pinning refers to a security measure that protects the app from being intercepted by hackers and makes sure that the app only communicates with its server.
Symantec found that certificate pinning is only used as a security tool by 8% of Android apps and 11% of iOS apps. Apple, on the other hand, says that it doesn’t suggest individual certificate pinning because it could make apps unstable and cause problems.
Avoid Giving Unnecessary Permissions
Now that you’ve learned about the risks surrounding user data and mobile apps, I would like to share some tips on protecting your privacy. Since apps access information about users through permissions, you must avoid granting excessive permissions to apps that you install.
Everything starts with the installation of an app. Before you decide to install a mobile app into your device, make sure that you read the permissions required and determine if those permissions are needed for the app to function correctly.
If it’s excessive, there’s a chance that it’s just for data collection. If the app is already installed, you can go to the Settings menu to remove the permissions that you’ve deemed unnecessary or excessive.
Most well-designed apps will indicate if the permissions you’re trying to remove are required, while poorly designed apps will stop working.
Other Steps To Protect Your Personal Information
Aside from checking the permissions, I advise that you also read the privacy policies of each app you use. If it doesn’t have one, better uninstall it now if it’s already installed, or don’t dare install it if you’ve just downloaded it.
If possible, don’t use social media accounts to register with apps or to sign into them. But in the case that you do, double-check what information the app will receive from that account.
Also, be aware of anything that you share publicly on these accounts since these apps can take hold of this information.
Checking What Apps Use Data From Your Facebook Account
While doing my research, I learned that there’s a way for you to determine which apps are using data from your Facebook account and how to edit the permissions for using them.
Go to the Settings menu in your Facebook app and look for Settings & Privacy to see which apps have access to your Facebook information. Go to Privacy Shortcuts by clicking on it. Check out a few important settings for safety > How you set up your info on Facebook.
Clicking continue will take you to a page that lists all of the apps with access to your Facebook data. Here you can edit the permissions settings and even entirely remove the app’s access to your information.
Checking What Apps Use Data From Your Google Account
As I mentioned earlier, some apps may also allow registration using a Google account. Similar to what we did with your Facebook account, you can also review and edit the permissions you grant these apps to your Google account.
You can use the link to go to this page. You can view the apps connected to your Google account and the permissions they have requested here. Depending on your evaluation, you can make adjustments to permissions or perhaps delete them entirely.
The Bottom Line
Mobile apps are handy tools that make our everyday lives easier. However, I realized that connectivity might sometimes become dangerous as more of my personal information becomes accessible to these apps and their third-party service providers.
Taking the necessary precautions, such as reading the privacy policy and checking the app permissions, should become a norm among all app users. Hopefully, this article helped you become one of the more vigilant app users out there.