What is your mobile phone sharing without your knowledge?
New research has illuminated a really interesting, and somewhat disturbing, fact of modern life: there’s no such thing as privacy in the age of the smartphone.
Tech security company Symantec downloaded the top 100 free apps listed on Google Play and Apple’s App Store on 3 May 2018. Then they looked at two things:
- How much personal information was the user sharing with the app; and
- Which smartphone features did the app access?
Of course, apps need to access various parts of your phone in order to do their job – you couldn’t use Uber without revealing your location, or Instagram without accessing the camera – and most apps ask for the user’s permission to share information or access phone features. But what about apps that request permission to access information and features that they have no business accessing?
If the app is free, you might be the product
Some apps just ask for way too much information, well beyond what they need to get their limited job done.
One of the apps highlighted by Symantec for its excessive use of permissions was the Android flashlight app “Brightest Flashlight LED – Super Bright Torch”, which has 10 million installs. Included in the list of permissions it sought were:
- precise user location
- access to user’s contacts
- send SMS messages
- permission to directly call phone numbers
- permission to reroute outgoing calls
- access to camera
- record audio via microphone
- read/write contents of USB storage
- read phone status and identity.
Symantec noted that the app did contain some features which necessitated certain permissions; for example the ability to make it flash in different ways when the user receives incoming calls or texts which would need access to calls and messages. But it’s hard to see why a torch app would need to know your location, contacts and contents of your storage; nor why it would need to reroute outgoing calls or access you camera and microphone.
Social media integration
Then there’s the apps that integrate with your social media accounts, either to assist you in managing your login (and thus avoid adding yet another password to your digital life) or so you can post and share content.
This linked relationship allows the app to collect data from your social media account, while the social media service collects data from the app. Remember the Facebook and Cambridge Analytica data scandal? That’s the cynical endgame. The reality is that if you allow your apps to link up with social media then you’re sharing a massive amount of personally identifiable information (PII) with unknown parties. Think: email addresses, mobile phone numbers, location, home address, relationship status, family structure, date of birth – and a whole lot more.
Guarding your privacy
Remember: most app developers are just trying to make a living like everyone else. If their product is free, you may be the product so you’ll need to take extra care in protecting your privacy.
Before you install an app:
- Read the permissions required for the app.
- Think about why an app needs the permissions it requests. If the permissions seem excessive, ask yourself if it’s likely they are there simply to acquire data about you.
If you’ve already installed the app:
- In the case of Android apps, you can remove unnecessary permissions by going to the Settings menu and then clicking on Permissions. Removing permissions may cause a poorly designed app to stop working. Well-designed apps will indicate if they need a permission when you attempt to perform the function that requires it.
- In the case of iOS apps, you can remove unnecessary permissions by going to the Settings menu and then clicking on Privacy.
And finally, try to avoid signing into apps using any of your social media accounts.
The infographic below analyses how much personal information is being gathered by the top 100 apps on Google Play and iTunes.
If this article has inspired you to make some changes with your apps and PII security, you should speak to your friends and associates, too. Your online privacy depends as much on your friends data habits as your own.
Stop using your Google and Facebook accounts as login fodder, here’s how I remember over 100 passwords.