Our collective increasing dependence on mobile apps is no longer up for debate. Nowadays, they are being used for almost everything—from monitoring health and tracking fitness to booking flights and ordering food. Statistics also show that in 2020, the average smartphone user spends as much as 87% of their mobile usage time on apps and installs as many as 40 apps.
While the convenience these apps offer is undoubted, they have also become a gateway for hackers to gain access to personal information and sensitive data. Most mobile apps collect and store varying amounts of personal information from users. While many assume app makers have the users’ best interests in mind, this is not always the case.
Popular and widely used apps like Facebook often have permission to access all of a user’s internal phone storage, texts, contacts, microphone, user location, WiFi, etc. Unfortunately, the more dispersed your personal data is, the greater the chance that hackers will gain access into your data.
Understanding App Permissions
An app permission protects your privacy as the user. Every app needs to include an app manifest that lists the permissions the app uses. Mobile phones all have an operating system.
The most common are the Android operating system and the iOS operating system. Majority of mobile phones are Android phones. Android phones also have two permission categories.
Normal Permissions
These permissions will not risk the privacy of the user directly. For instance, permission to set the time zone is considered a normal permission. If an app that has been installed lists a normal permission in its manifest, the system will automatically grant the permission.
Dangerous Permissions
These permissions give the app access to the personal data found in the mobile phone such as SMS messages, contacts, as well as certain features of the system like microphone and camera.
When dangerous permissions are requested, privacy laws stipulate that relevant personal data should not be collected, used or disclosed unless the user grants consent by accepting the request for permission to do so.
For organisations that aim to adhere to privacy laws, in the way that they collect, use and disclose personal data, and especially if they are themselves app developers, they can use data protection tools to help them manage their data processing policies and practices.
How to Identify Intrusive Apps
You can spot an intrusive app by going to the Google Play store, visiting the permissions section, and checking for dangerous permissions required and whether they are proportional to the functions and purposes of the app.
Intrusive mobile apps have red flags that you can easily identify. For instance, one common red flag is if the mobile app asks for permissions for several functions like phone contacts or camera but does not state the purpose behind the need for the permissions.
Generally, if the mobile app or company does not disclose to users the purpose behind the usage and collection of the information they are accessing, it’s safe to assume the mobile app is intrusive. Ideally, the permissions that apps seek from users should only be for functionality purposes.
As an additional precautionary measure, it is recommended that consumers always read the privacy notice to determine the access and permissions they give to mobile app developers or to know how organisations use and store their personal data. This can help consumers figure out whether an app is worth downloading or not.
Also, before downloading any app, consumers need to also identify why the app is made available and by whom. If made by a well-known organisation to make acquiring their products or services easier, then it makes perfect business sense.
However, if made free of charge by an unknown organisation for entertainment purposes, then ask yourself why the app is being made available. To further upgrade your skill in data protection attend data protection courses or attain a practitioner certificate in data protection.