Top 3 privacy risks of mobile apps

Mobile apps are an essential part of modern life. From the moment we wake up, we use a range of apps to check our emails, catch up on the news, stream music and organise our day. And while they’ve become a permanent fixture in our routines, smartphone apps harvest and hold reams of our personal data.

Here are some of the top privacy concerns surrounding mobile apps and why you should be cautious when downloading them onto your device.

1. Sensitive data tracking and permissions

Our phones collect a lot of information about us that is considered “sensitive” by major data protection legislation such as the General Data Protection Regulation (GDPR).

For example, social and dating apps are places where users openly share information about their religious beliefs, political opinions, ethnicity and sexuality. Health apps collect information about your medical history, and apps that use facial recognition would collect biometric data.

While most app owners require such information to provide their services, there is always the risk that this data could be leaked. Whether intentional or not, this could have serious real-world impacts on human rights and freedoms.

Besides the threat of having the intimate details of your private life exposed through an app, you could also be under constant surveillance through certain data permissions. Many apps ask for access to your camera, microphone, messages and to track your location in order to provide a given service.

However, not all are as upfront about the extent that users are tracked, and some don’t even require such permissions to perform their given functions. Worryingly, one recent study of VPN apps showed that more than 60% asked for “dangerous” permissions that weren’t functionally necessary.

2. Third-party data sharing

In order to provide their services free of charge, many apps share your personal data with advertisers or sell it to other third parties. While this has long been common practice, major scandals like Facebook’s data-sharing deals with Cambridge Analytica have revealed the full extent of these practices, often conducted without user knowledge or consent.

Besides being a clear violation of trust, users may be exposed to further violations of their privacy by third parties that they have no knowledge about, let alone their track record of protecting user privacy.

3. Malicious mobile apps

Apps are commonly used as a vector for malware and adware. According to a recent study of 1.2 million Android apps by The University of Sydney and the Commonwealth Scientific and Industrial Research Organisation (CSIRO) in Australia, 2040 apps were identified as counterfeits which contained malware.

A popular tactic that malicious developers use is to make “copycat” apps that look almost identical to popular apps, which a user would download and unknowingly give access to their phone’s data. Once the malicious software has embedded itself, it can create vulnerabilities in a phone’s security, harvest and leak data to external sources or display unwanted ads.

What privacy laws are in place for mobile apps?

To protect user privacy, both lawmakers and app platforms have introduced a range of regulations that mobile app developers must comply with. In the US, laws such as the California Online Privacy Protection Act (CalOPPA) and California Consumer Privacy Act (CCPA) requires any app that collects personal information about Californian residents to have a privacy policy that clearly explains what data they collect, how they collect it and why it’s necessary, amongst other disclosure requirements.

Before an app can be published on the App Store or Google Play Store, the owners must include a link to their privacy policy and terms of service in their listing and within the app itself. While the aforementioned laws don’t require user consent prior to collecting their data, app owners must notify users of their right to opt-out of their data being shared and sold to third parties.

The GDPR, however, has even stricter requirements. Under this law, app owners must get informed user consent prior to collecting any personal data. Under this law, users also have the right to request access to the data collected about them; request the deletion of this data; and request a copy of this data to reuse for their own purposes.

Overall, app developers must be transparent about their data collection and privacy practices and have adequate security measures in place to protect people’s personal data.

In an industry that has gained intense scrutiny in recent times, there are harsh penalties for failing to comply with the law and respect user privacy. As a user, it’s always worth double-checking the credentials of an app developer, their privacy policy and terms of use before downloading an app to your phone. While an app may look innocent on the surface, it pays to be cautious of any tool or service that has access to your data.

Get your app ready for launch with a transparent privacy policy.

Use GetTerms’ free mobile app privacy policy and terms of service generator to get started. Create your app privacy policy now.