Mobile apps are an essential part of modern life. From the moment we wake up, we use a range of apps to check our emails, catch up on the news, stream music and organise our day. And while they’ve become a permanent fixture in our routines, smartphone apps harvest and hold reams of our personal data.
Here are some of the top privacy concerns surrounding mobile apps and why you should be cautious when downloading them onto your device.
1. Sensitive data tracking and permissions
Our phones collect a lot of information about us that is considered “sensitive” by major data protection legislation such as the General Data Protection Regulation (GDPR).
For example, social and dating apps are places where users openly share information about their religious beliefs, political opinions, ethnicity and sexuality. Health apps collect information about your medical history, and apps that use facial recognition would collect biometric data.
While most app owners require such information to provide their services, there is always the risk that this data could be leaked. Whether intentional or not, this could have serious real-world impacts on human rights and freedoms.
Besides the threat of having the intimate details of your private life exposed through an app, you could also be under constant surveillance through certain data permissions. Many apps ask for access to your camera, microphone, messages and to track your location in order to provide a given service.
However, not all are as upfront about the extent that users are tracked, and some don’t even require such permissions to perform their given functions. Worryingly, one recent study of VPN apps showed that more than 60% asked for “dangerous” permissions that weren’t functionally necessary.
2. Third-party data sharing
In order to provide their services free of charge, many apps share your personal data with advertisers or sell it to other third parties. While this has long been common practice, major scandals like Facebook’s data-sharing deals with Cambridge Analytica have revealed the full extent of these practices, often conducted without user knowledge or consent.
Besides being a clear violation of trust, users may be exposed to further violations of their privacy by third parties that they have no knowledge about, let alone their track record of protecting user privacy.
3. Malicious mobile apps
Apps are commonly used as a vector for malware and adware. According to a recent study of 1.2 million Android apps by The University of Sydney and the Commonwealth Scientific and Industrial Research Organisation (CSIRO) in Australia, 2040 apps were identified as counterfeits which contained malware.
A popular tactic that malicious developers use is to make “copycat” apps that look almost identical to popular apps, which a user would download and unknowingly give access to their phone’s data. Once the malicious software has embedded itself, it can create vulnerabilities in a phone’s security, harvest and leak data to external sources or display unwanted ads.
What privacy laws are in place for mobile apps?
The GDPR, however, has even stricter requirements. Under this law, app owners must get informed user consent prior to collecting any personal data. Under this law, users also have the right to request access to the data collected about them; request the deletion of this data; and request a copy of this data to reuse for their own purposes.
Overall, app developers must be transparent about their data collection and privacy practices and have adequate security measures in place to protect people’s personal data.