When you think about it, modern smartphones are nothing short of remarkable. You can get an app for almost everything; games, sat-nav, barcode scanners, video calling – there’s hardly an area that isn’t covered these days. You’ll also find that vast majority of apps are free, which makes you wonder how developers are able to continue financing them.
It’s no secret that advertising plays a big part in free apps, and some offer paid versions which are ad-free. On the other hand, what about apps that don’t use advertising? In these cases the flow of money is hidden from view, and sometimes involves the sale of private data.
So, what kind of data facilitates app revenue? What is so interesting about private information that would make a company want to purchase it? Again, advertising comes into play here, however it’s not always the usual annoying pop-up ads. The combination of a name, telephone number and address is certainly worth something to companies, with some prepared to fork over high sums of money for a large amount of data. If a profile of someone has been built up over time (search queries on Google, Amazon purchases, travel website bookings), clever algorithms can be used to predict user activity and advertise to them accordingly. The success rate of this type of advertising is very high, but how do these personalised ads collect our information in the first place?
When it comes to smartphones, companies aren’t collecting our data via illegal means such as hacking or malware. In fact, we ourselves give app developers permission to access our personal data.
Permission to install
Go to the Google Play or Apple store and try downloading an app – you’ll be asked to give it certain device and data permissions before you can install it. For example, if you downloaded a photography app you’d obviously need to allow it to access your camera, same goes for satellite navigation apps that will require access to your GPS signal. But what if you downloaded an alarm clock app that asked permission to access your photos, camera and microphone? What about if a free gaming app wanted access to your texts and your contact list? This should serve as a warning signal that the app you’re trying to download may be accessing your personal data that bears no relevance to its function. With these permissions, the company that developed the app can usually send this data to its servers whilst the app is running – check the Terms & Conditions and you’ll usually see a statement about it.
Further analysis on this topic was conducted by the Centre for European Economic Research, who looked specifically at downloads from the Google Play store. Their results showed that that half of the 136 apps they tested could only be installed if access to sensitive information was granted. Furthermore, 14 of them were regarded as problematic in terms of privacy protection. You can find the full study here.
Access rights explained
Different apps request different access rights, but what consequences do they have in everyday situations? You might also be asking why some apps need so many permissions in the first place. With that in mind, let’s take a look at the most common app requests for personal information and what they actually mean.
With this privilege, apps can make and receive calls. This is understandable for some apps such as Skype, however if an app with nothing to do with telephone calls asks for access to this then you should probably think twice about it.
This allows an app to send text messages. Malicious apps could complete subscriptions via SMS and result in increased phone bills. Like the phone access, this should only be authorised if you really trust the app and where it has come from.
When you grant an app these permissions it can access your device storage and read, edit and delete data. This is obviously necessary for cloud storage or file sharing apps like Google Drive or Evernote, but generally speaking many apps require this permission to store settings. Internet access will also be required in order to upload files to the web or to cloud storage.
This allows an app to access the contacts stored on your device. Apps like WhatsApp or Skype, address books and social networks need access to this, but it’s usually unnecessary for other apps.
Device and app history
With this permission an app can track smartphone usage activity in real time. This may be required in order to send bug and crash reports to developers.
Navigation and location-based apps such as Google Maps and Uber would need access to your GPS location in order to provide their services. However, be wary that the data sent could create motion profiles showing exactly where you have been at any given time… it’s a bit creepy when you think about it!
This allows apps to identify which user accounts exist on a device and how they are connected. Apps with this permission are allowed to read and modify your contact card, which usually includes your phone number and a picture.
Whilst this is a requirement for most social networking apps like Snapchat and Instagram, it’s not for many other types of apps. Think twice about you’re installing – malicious apps might be using these permissions to spy on you without you knowing!
Keep calm and check permissions
Before you install an app, it is very important to read exactly what authorisations or permissions are required. If these seem superfluous, another app should be selected. After installation, you can also find out about the necessary permissions of your installed apps in the application manager (for example, if you use WhatsApp take a look at the long permission list it has).
In general, one should consider whether it is not a better idea to pay the small amount for a paid app, which usually eliminates the potential problem of free apps using (and sometimes abusing) your data. At the very least, it’s better to be safe than sorry and ensure that any app you download comes from your device’s official app store, such as iTunes or Google Play.
What precautions do you take to ensure the safety of your mobile data? Have you encountered any apps that ask for unnecessary permissions? Let us know by commenting below, or tweet @DrDataRecovery