Your App Permissions Could Be Taking Advantage of Your Data
Some smartphones apps take advantage of the permissions process to gather (and exploit) information they may not actually need.
Every time you install an application onto your phone, you're asked to allow that app certain permissions: to use your camera, track your location, view your contacts, and more. While some of these permissions are necessary for the app to function, some apps take advantage of that process to gather (and exploit) information they may not actually need.
The Wire spoke with Olivier Amar, CEO of MyPermissions, about the best way to recognize which apps are using your data and how to stop it. Amar's first piece of advice: read the fine print. "It doesn't matter if it's on Android or iOS, applications will gain insight into who you are. On both platforms, however, the information requires that you give permission to that access, thus reading the small print before clicking install is a must! After you've installed applications, some of them might ask you to sign in with Facebook, Google, Twitter or another platform. Again, read the small print before you click ‘okay,’ because that's where you're being informed about the information you're giving away."
Depending on the app, some information is logical to give. Amar recommends that you ask the question "Why are they asking for access to this specific piece of personal information?" before you press accept. Naturally, you need to turn on Location Services in order to use FourSquare, and you must allow your camera and photos to be accessed to use Instagram.
However, some permissions are not so obvious, and those are the ones to be weary of. "If it's in line with what the app does, great. If not, don't bother or ask the developers." Sometimes, apps will explain why they ask for particular permissions in the developer notes. Others are less upfront. For example, the newest update of Snapchat requires users to turn on Location Services to use filters: Is sharing your location worth turning your photo black and white? Amar also warns against apps that ask to send text messages in your name. Those apps usually aim to invite friends to their service using your name and number.
It's a good idea to go through your application permissions regularly, which can be done in the Settings section of your mobile device. However, Amar reminds us that clearing unwanted apps is a two-step process. He says, "Even if you've uninstalled an application from your phone or computer, they still might be able to access your personal information if you've connected to them via a service like Facebook Connect, Google+, Twitter, etc. Hence after you've uninstalled an app, remember to check your permissions."
Twitter reminds users to check their app permissions whenever they reset their password (which you should do today in honor of World Password Day!) but Facebook makes it a little more difficult. On Facebook, you have to manually remove apps one by one. You can find this page by logging into Facebook, going to Settings, then Apps, and clicking X next to each one. For Google+, visit the Account Permissions page, accessible through the Privacy tab on the Settings page.
While it's important to be diligent with your application permissions, issues can still arise on the end of the developers. Amar tells us that "In the past, we've seen apps like Path, Bangwithfriends, and SnapChat get caught for not necessarily doing something that was malicious, but for a simple technological problem. This led to users' information not being handled in a proper way or even being exposed." While some permission snafus are honest mistakes, some apps are being malicious on purpose. The Brightest Flashlight Free app for Google Play was exposed by the FTC for selling the location data of users, even if the user had opted out of sharing their location services with the application. Luckily, the FTC caught this and the app's distributer, Goldshores Technologies, deleted all the information they had collected about users.