This flashlight app requires: Your contacts list, identity, access to your camera...

Who us, dodgy? Vast majority of mobile apps fail privacy test

A global survey of more than 1,200 mobile apps has discovered that the vast majority (85 per cent) fail to provide basic privacy information.

The global survey faulted apps for accessing large amounts of personal information without adequately explaining how they were collecting, using and disclosing personal information. Almost one in three apps appeared to request an excessive number of permissions to access additional personal information.

More than half (59 per cent) of the apps left users struggling to find basic privacy information. Many (43 per cent) of the apps either providing information in a too small print, or also hide the information in lengthy privacy policies that required scrolling or clicking through multiple pages.

It wasn't all bad news.

The research did find examples of good practice, with some apps providing a basic explanation of how personal information is being used, including links to more detailed information.

The regulators were also impressed by the use of just-in-time notifications on some apps that informed users of the potential collection, or use, of personal data as it was about to happen. These approaches were lauded because they make it easier for people to understand how their information is being used and when.

Andersen Cheng, chief exec of mobile startup SRD Wireless, said that the survey's findings are unsurprising because apps are increasingly set up to make money from data collection first and offer a service second. Essentially, the industry has assumed that users have no control over their own data: as long as apps are deciding they need access to your life history and full contacts list to work, your personal information can never be safe.

"The issue here is more than just how apps explain how they collect and use data," Cheng commented. "The issue is that many apps not only store a huge amount of data on their users in the first place, but then share that with other applications or use it in ways that simply aren’t secure."

App developers and operators can always fall victim to data breaches and attacks that spill the data of thousands or even millions of individuals, Cheng warned.

“This [risk] is exacerbated by the fact that, since their business models revolve around user data, many apps store far more information than they need. For instance, a simple communication app should only need your user ID and contact number. If it then demands access to your date of birth, contacts list and other information it is increasing the risk that others will gain access to your data, as well as that of your friends and family,” he concluded.

Room for improvement

The survey by the Global Privacy Enforcement Network (GPEN) examined the privacy information provided by 1,211 mobile apps. As a member of GPEN, the UK’s Information Commissioner’s Office examined 50 of the top apps released by UK developers.

ICO group manager for technology, Simon Rice, said: “Apps are becoming central to our lives, so it is important we understand how they work and what they are doing with our information. Today’s results show that many app developers are still failing to provide this information in a way that is clear and understandable to the average consumer."

“The ICO and the other GPEN members will be writing out to those developers where there is clear room for improvement. We will also be publishing guidance to explain the steps people can take to help protect their information when using mobile apps,” he added.

The ICO has published "Privacy in Mobile Apps" guidance (PDF) to help app UK developers to follow best practice and comply with the UK's Data Protection Act.

The guidance includes advice on informing people how their information will be used. Research carried out last year to support the launch of the guidance’s launch found that 49 per cent of app users have decided not to download an app due to privacy concerns, so developers have a commercial reason to be clearer about their privacy policies. ®

Similar topics

Other stories you might like

  • North Korea pulled in $400m in cryptocurrency heists last year – report

    Plus: FIFA 22 players lose their identity and Texas gets phony QR codes

    In brief Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.

    A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader's coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.

    Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 - although part of the reason might be that they are now so valuable people are taking more care with them.

    Continue reading
  • Tesla Full Self-Driving videos prompt California's DMV to rethink policy on accidents

    Plus: AI systems can identify different chess players by their moves and more

    In brief California’s Department of Motor Vehicles said it’s “revisiting” its opinion of whether Tesla’s so-called Full Self-Driving feature needs more oversight after a series of videos demonstrate how the technology can be dangerous.

    “Recent software updates, videos showing dangerous use of that technology, open investigations by the National Highway Traffic Safety Administration, and the opinions of other experts in this space,” have made the DMV think twice about Tesla, according to a letter sent to California’s Senator Lena Gonzalez (D-Long Beach), chair of the Senate’s transportation committee, and first reported by the LA Times.

    Tesla isn’t required to report the number of crashes to California’s DMV unlike other self-driving car companies like Waymo or Cruise because it operates at lower levels of autonomy and requires human supervision. But that may change after videos like drivers having to take over to avoid accidentally swerving into pedestrians crossing the road or failing to detect a truck in the middle of the road continue circulating.

    Continue reading
  • Alien life on Super-Earth can survive longer than us due to long-lasting protection from cosmic rays

    Laser experiments show their magnetic fields shielding their surfaces from radiation last longer

    Life on Super-Earths may have more time to develop and evolve, thanks to their long-lasting magnetic fields protecting them against harmful cosmic rays, according to new research published in Science.

    Space is a hazardous environment. Streams of charged particles traveling at very close to the speed of light, ejected from stars and distant galaxies, bombard planets. The intense radiation can strip atmospheres and cause oceans on planetary surfaces to dry up over time, leaving them arid and incapable of supporting habitable life. Cosmic rays, however, are deflected away from Earth, however, since it’s shielded by its magnetic field.

    Now, a team of researchers led by the Lawrence Livermore National Laboratory (LLNL) believe that Super-Earths - planets that are more massive than Earth but less than Neptune - may have magnetic fields too. Their defensive bubbles, in fact, are estimated to stay intact for longer than the one around Earth, meaning life on their surfaces will have more time to develop and survive.

    Continue reading

Biting the hand that feeds IT © 1998–2022