Privacy sweep has shown a high percentage of apps has questionable privacy policies
The Global Privacy Enforcement Network (GPEN) published the results of a second annual privacy sweep performed this may. This time the subject of the sweep was mobile apps.
25 privacy enforcement authorities coordinated by the Office of the Privacy Commissioner of Canada performed an assessment of 1 211 apps for tablets and smartphones. Its aim was to evaluate which app is most pleasant to use in terms of what permissions, personal data are used and if/how it is explained what for the information and permissions are used.
In order to asses applications 5 criteria were chosen:
2. The permissions requested by the app and the explanation of the purpose it is used for. It may include permission to access personal data, current location, photos, videos or other files, other input devices like camera or microphone.
3. Did the permissions go beyond what the sweeper was expecting based on the app’s functionality.
5. Overall satisfaction regarding privacy communications. The quality of explanation given while using the app on permissions and how it the personal data is being collected, used and disclosed.
Out of 1 211 popular apps tested by the sweep 75% requested at least 1 permission. Most of these permissions requested access to the location of the user (32%). Other most common permissions requests are 16% for device ID information and 15% for an access to other accounts.
The sweep concluded that surprisingly over 40% of the applications did not tailor privacy communications to be used on small screen tablets or smartphones. It is know as a common complain from users to have to scroll horizontally and vertically in order to read the unnecessary long privacy policies.
However it has been noticed that a lot of popular apps are willing to provide clear and easily accessible information about all of their permissions. Furthermore, there were apps that would not only explain what they would do with the information acquired but what they would not do with it as well. Another pleasant example would be applications allowing the user to “opt-out” from some of the features that he/she may find unnecessary.
Overall, even though the privacy sweep showed that some developers are willing to provide all the information that the user may be interested in, there are still a lot of application developers that are not as informative as it would be expected from somebody who has access to your personal data and it is advisable to be wary when allowing various permission requests.