Right now, it’s popular to use mobile apps to spy on your online activity, collect personal data, and invade your privacy. A clear example of that would be the charge against the popular social network Facebook, the Cambridge Analytica case. We can find a lot of similar cases to this one. As a result of that, a lot of applications have been suspended for violating the privacy of their users.
A short time ago, if someone created an application where it was necessary to authenticate using Facebook, the app had access to a lot of personal information that Facebook collects.
For example Name, surname, birthday, liked pages, the public groups where you belong to, photographs, locations, and even the list of all your friends on Facebook (if you had it published). Too much information was publically available. Facebook users could not realize all the privacy risks that occur by merely signing into another app.
The global user community experienced many more questionable privacy practices, similar to the Cambridge Analytica case. This is the reason why Facebook has now restricted the data to which these applications have access to. No longer can developers get access to such personal data when users sign in with their Facebook id. This is an improvement, but it doesn’t take away the fact that Facebook still has all that information.
Knowing that there are so many cases of privacy violations, do you still trust your mobile apps?
Privacy data that an application can access
The data that an application in Android and iOS are very similar
- Photographs from your gallery
- GPS location (you can request permission to get your location only when you are using the app or also when you are not using it)
- Record audio
- Update information in the background (when you do not use the app, it may be receiving and sending information somewhere in the cloud)
Currently, all applications must explicitly request access from the user to access their information. This was done to let users know the app wants access to this data and the reason it will be using it. In the case of Apple, if you do not specify that correctly, it can be rejected when the developer tries to upload the application to the store.
What are the app stores doing to minimize privacy breaches?
When a developer decides to publish an application, it goes through an approval process. A team examins every app using inspection tools, accelerating the review cycle. Android approvals seem to be less strict, since the average review time from when the developer uploads an application is 30 minutes to 1 hour.
Progress has been made in controlling access to information that the system gives to applications. For example, it no longer allows the app to directly read your text messages nor allow calls to be directly made from the app itself. However, many feel there is still much to improve in regards to privacy protection.
Submitting a mobile app to the Apple store is a more difficult process. Apple is much more strict with their rules. Because Apple’s compliance list is also longer, the time to have your app reviewed can take an average of 1 to 3 days. Apple uses a live person to test your application, so this is where they review permission requests. As an example, if you ask to access the camera, you must inform the user in exactly the way Apple is expecting.
Even without intending to hurt people, you can easily get experience having an app rejected. By placing a form field “GENDER” on a registration form can be sufficient cause to deny your app. So as a developer, be sure to read compliance guidelines and understand each company’s privacy rules. We still have many privacy protection areas to improve. Each one of us can do our small part to help ensure our personal data gets remains safe. Simply by raising awareness about this topic can be a way to protect the global user community.