Real news from the privacy world

Privacy sweep has shown a high percentage of apps has questionable privacy policies

The Global Privacy Enforcement Network (GPEN) published the results of a second annual privacy sweep performed this may. This time the subject of the sweep was mobile apps.

25 privacy enforcement authorities coordinated by the Office of the Privacy Commissioner of Canada performed an assessment of 1 211 apps for tablets and smartphones. Its aim was to evaluate which app is most pleasant to use in terms of what permissions, personal data are used and if/how it is explained what for the information and permissions are used.

In order to asses applications 5 criteria were chosen:
1. Prior to the download did the privacy policy explain how the app is going to collect, use and disclose personal data.
2. The permissions requested by the app and the explanation of the purpose it is used for. It may include permission to access personal data, current location, photos, videos or other files, other input devices like camera or microphone.
3. Did the permissions go beyond what the sweeper was expecting based on the app’s functionality.
4. Ability to comfortably read the privacy policy on big and small screen devices.
5. Overall satisfaction regarding privacy communications. The quality of explanation given while using the app on permissions and how it the personal data is being collected, used and disclosed.

Out of 1 211 popular apps tested by the sweep 75% requested at least 1 permission. Most of these permissions requested access to the location of the user (32%). Other most common permissions requests are 16% for device ID information and 15% for an access to other accounts.

59% of all these apps failed to pass the first criteria and caused concerns regarding pre-installation privacy communications. According to the sweep report these apps did not give sufficient information about the permissions the application requires to work and does not provide a comfortable access from the download page to the privacy policy. In some cases the user was asked to login, some applications direct the user to irrelevant websites. In worst cases some of the apps raised questions on who is the developer and data controllers were.

The sweep concluded that surprisingly over 40% of the applications did not tailor privacy communications to be used on small screen tablets or smartphones. It is know as a common complain from users to have to scroll horizontally and vertically in order to read the unnecessary long privacy policies.

The most concerning fact, however, was that even 30% of all the applications did not provide any information regarding privacy policy besides permissions at all and only 15% clearly explains how personal information is being collected, used and disclosed making sweeper confident in his/her knowledge of app’s practices. It shows that most of the users are not interested in their privacy and are willing to use app without prior information regarding their data security.

However it has been noticed that a lot of popular apps are willing to provide clear and easily accessible information about all of their permissions. Furthermore, there were apps that would not only explain what they would do with the information acquired but what they would not do with it as well. Another pleasant example would be applications allowing the user to “opt-out” from some of the features that he/she may find unnecessary.

Overall, even though the privacy sweep showed that some developers are willing to provide all the information that the user may be interested in, there are still a lot of application developers that are not as informative as it would be expected from somebody who has access to your personal data and it is advisable to be wary when allowing various permission requests.



Try NordVPN for Free!

3 days of full security and privacy, with no strings attached

Comments

Your email address will not be published. Required fields are marked *

Leave a Comment

Your email address will not be published. Required fields are marked *