Pando

Study: 85% of mobile apps fail to disclose how they use consumer data

By Nathaniel Mott , written on September 10, 2014

From The News Desk

It sometimes seems like every new product begs the same question: Is using this worth giving up whatever privacy I have left?

So many applications and websites request or require access to address books, location history, contact information, and other data that the idea that we even have any privacy left can seem ridiculous. But the important thing is in the asking -- it's better to give that information over willingly than to have it stolen without our knowledge or consent.

Unfortunately, many application developers haven't learned this lesson. The Global Privacy Enforcement Network -- a group meant to enforce privacy laws across borders -- studied 1,200 mobile apps and found that many of them gather data without a consumer's informed consent. As the Guardian notes in its report on the study, which doesn't appear to be available online:

Of the 1,200 apps surveyed, 85% failed to disclose how they used information, while 59% of the apps 'left users struggling to find basic privacy information', the organisation said.

Simon Rice, the group manager for technology at Britain’s Information Commissioner’s Office, which is a member of the GPEN, said: 'Today’s results show that many app developers are still failing to provide this information in a way that is clear and understandable to the average consumer.' Now, this isn't as bad as if the developers were stealing information from consumers even after they were told not to, which is what happened with a popular flashlight application in 2013. But it's important that consumers know what an application plans to do with their information, and that it's easy to find ways to prevent it from collecting data that isn't meant to be shared at all.

Another problem identified in GPEN's report is the fact that one-third of the applications studied required an excessive number of permissions -- in other words, were requesting access to more information than is allowed by the United Kingdom privacy laws -- in addition to their other problems. It's strange to think that any application can request "too much" data when so many of them are asking for essentially everything we have on our phones, but it's still possible.

I wrote about this issue at the end of last year, when the Electronic Frontier Foundation revealed that Google had removed from its operating system a tool that allowed Android users to prevent applications from gathering all but the most essential information about a consumer:

Besides showing the problems caused by taking developers at their word, especially in light of the Washington Post’s report on how government agencies use the information they gather, this also shows that disclosures are not enough. Knowing that an app’s developer wants to be able to monitor your location or access your address book is better than not knowing those things, but that doesn’t mean that all developers are honest about the data they’re gathering and how it’s being used. (Again, consider the FTC’s settlement with the flashlight app maker.)

Don’t get me wrong. Learning more about what developers are doing with user data is becoming increasingly important, and it’s certainly a start. But being able to do something about it by disallowing certain information gathering or granting apps specific permissions without allowing them unfettered access to everything on your smartphone would be even better. GPEN's study shows that this idea is more important than ever. In a world where so many people are giving away so much information without concern for the implications it might have on their privacy in the future, it's ridiculous to think that some developers are still desperate enough to hide their attempts to grab information from consumers or to gather too much data.

But that appears to be the world we live in, and as much as we might wish people would care more about their privacy, that's not going to be happening any time soon. So I'll ask this of these developers instead: why not exploit consumer indifference instead of sneaking around? The world cares less about privacy than it should, so you might as well take advantage of that.

[illustration by Brad Jonas]