Facebook and its repeated issues with the protection of private information have people wondering about the security of other apps. Most people have around 75 apps downloaded to their mobile devices. When opened, most of these programs request information from you.
Typically, this includes your full name, email address, physical address, or phone number. While these requests are seemingly benign, there are other pieces of information that can be quite powerful when combined with the above.
Many applications suggest you allow them to access your location, camera, and microphone. There are others that ask permission to access messaging and calling logs.
It is important to note that these requests are rarely if ever, made with malicious intent. In fact, you are theoretically made aware of each bit of information being taken. For example, locations are often used to provide local information or help a ride share service find you. This seems perfectly innocent.
The concern is not that apps are requesting for this useful information but that they may not always have a solid reason to ask for it or are not protecting your information with enough vigor.
The Collection of Personal Information
Some personal information is required for obvious reasons. The most common piece of personally identifiable information (PII) collected is an email address. In many cases, a username is required and can be the full name of the user depending on the type of app.
In rarer cases, apps will require a phone number or even a physical address. As you can imagine, the more information about a person that app has, the more attention should be paid to the security of this data.
The picture becomes even more clear when apps begin to communicate with each other. For instance, many apps interact with social media for the sake of posting seamlessly or inviting friends to join you in a game.
Information is shared back and forth between the social media accounts and the app, with both collecting data from the other. Suddenly, you are now providing an app with far more information than you thought you gave permission for.
Those using an iOS device can feel some sense of security knowing that Apple demands developers request permissions for data collection and provide information about how it is used. Android is not so stringent. Neither can it offer full confidence as they are relying on the inherent honesty of the app creator.
Data from Your Device
Personal information is not the only thing apps tend to ask for. They also request access to different pieces of your iOS or Android device. Your phone camera is often useed by an app, to take photos or scan barcodes, for instance.
While not uncommon, this type of blanket permission can be concerning. When an app has access to areas of your device that provide private details like location, contacts, or phone logs, it is gathering data that could be extremely valuable if it fell into the wrong hands.
The overall frequency of these types of requests shows that Android apps tend to ask for more access than iOS apps do. Both devices feature apps that often request access to the camera, location, and microphone. However, iOS does not allow the reading of text messages or accessing call logs, while Android does.
Use Caution When Granting Permissions
Fortunately, apps allow users to take a moment before granting access to their devices. As discussed earlier, not all requests are some tricky attempt at gaining your private data.
Most often, the app has a valid reason to request permission to see certain information. Some apps would like to alert you when you are near a coffee shop, for instance, and request your location to facilitate this task.
When downloading and installing a new app, it is prudent to consider what permissions make sense. Using the example above, if you do not see the need to be alerted when you are near the coffee shop, then denying the app your location access is reasonable.
Using a little common sense when deciding on granting permissions can go a long way. Consider the app itself, what you need it to do, and who made it before allowing anyone to access your data.
Interestingly, there are multiple instances of Android apps requesting permissions like text and call log access when their iOS counterpart does not. These cases lead us to consider why the same app that functions the same way has different permission requests based on the type of device.
Some Permissions Are Not Necessary
We can conclude that some permission requests are unnecessary. Some requests are seemingly made for the sake of it while some have a purpose that is not useful to the consumer.
Protect your data by eliminating the ability for apps to gather it in the first place. Considering which permissions make sense and denying those that do not can help you safeguard as much information as possible.
Security or the Lack Thereof
It may seem impossible, but there are apps available for both Android and iOS that do not have a privacy policy. It is vital that clear guidelines are laid out explaining what data an app is taking, where the information goes, and how your privacy is protected. If an app does not feature a policy like this, take a moment to consider not using it.
Certificate pinning is an essential security tool that can prevent the interception of communication with the server. The app seeks the security certificate of the server before initiating a conversation.
This technology sounds like a no brainer. However, only a small percentage of the apps available for iOS and Android use it. Some argue that it is not a good idea for developmental purposes, but it is notable that such an effective security option exists and is not commonly used.
The Maze of Privacy Policies
Assuming you have installed an app featuring a privacy policy, you can move toward trying to determine what data the app plans to collect. This is what people call “easier said than done.”
The difficulties begin when apps interact with each other to fulfill their purpose. A solid understanding of the privacy policy of one app does not mean the third-party apps or websites it uses to provide further functions adheres to the same one.
Furthermore, it can be impossible to track down the information, as many third-party apps do not feature a prominently posted policy. Consider declining to use an app that requires a network of other apps, websites, or programs that may be less than transparent about their data collection and procedures.
Keep Yourself Safe
When you realize how much information your apps have about you, it may produce some anxiety. There are several steps you can take to make sure you know who sees your information and that it is kept as safe as possible.
Always review the requests for permission before even installing an app. Consider whether the requests make sense for how you intend to use the app. Does it seem like the app is more interested in gathering information than in presenting concise functionality?
If an app does not feature a privacy policy detailing how they handle your personal information and other data, consider if you really need it. The lack of a policy should be a red flag.
Both iOS and Android allow you to adjust the permissions granted to an app. Take time to review your apps and their access with the intent of limiting permissions where necessary.
If an app requires you to sign in with your social media accounts, take special notice of their privacy policies. Keep in mind that these apps typically share information with your social accounts, meaning detailed information could be transmitted.
And finally, use additional safety measures. You might never know what’s going on in the background, so get an antivirus, set up a firewall, and install a VPN app on your phone. These will alert you if something strange is going on, and keep you safe by encrypting your internet traffic and making you invisible online. This way, no one can track your activities online.
Your Data Is Being Tracked
It would be silly to think that you could use an app without giving it at least some information about yourself. However, it is certainly fair to expect the app and its developers to provide a transparent account of what they are doing with your data.
With the knowledge that your information is being held and used by someone else, pay attention to what your apps are asking you for and why they might be requesting it.