Why you should ensure that all those apps on your smartphone only run with the permissions they reasonably need to do their job
Friends mention exciting new apps or we see a promotion that requires an app to be downloaded, and the rush is on to download the app and start interacting with it. But do we consider the permissions needed by the app? Do we reconcile the permissions against functionality? Do we even bother reading the permissions? Unfortunately, the answer is probably a ‘no’, or at best it may be a ‘sometimes’.
Since October is dedicated to campaigns that promote cybersecurity and privacy awareness, let’s shine the spotlight on the growing importance of being mindful of what permissions we grant to mobile apps.
App permissions are complex, and it is not always obvious why an app may require a permission. Conversely, it’s sometimes abundantly clear that an app probably does not need a permission. Take, for example, a battery monitoring app: does it need access to my precise location or the ability to create new accounts? Probably not.
I recently watched the Netflix documentary ‘The Great Hack’, an in-depth examination of the data company Cambridge Analytica and how data collected, mainly through social media, was being used to persuade voters how to cast their votes in elections. The narrator, Professor David Carroll, expressed concern that by the time his daughter is 18 there will be about 70,000 data points defining her. The big takeaway from the program is that data has surpassed oil as the world’s most valuable asset.
While many of the data points will come from information that is voluntarily shared through social media and the like, it is data collected out of context, or when least expected, that is more concerning. Take the example above: a battery monitoring app needing my precise location seems to be out of context. Is the company tracking me? Why do they need this data point? The same permission is fully understood when using a map and getting directions. Without my location the map app would be lost. It may even feel like I have gone back in time to the days of paper maps and having no idea of where I am on the map.
Flashlight apps are typically at the forefront of abusing permissions, requesting contact data and microphone access, to name a few. Does the flashlight app want to listen to me and know all my friends? The answer is no, but there are plenty of companies to sell this data point to. Back in 2013, the FTC took some flashlight app companies to task because the data being collected did not tally with their privacy policies. The issue was that consent was not given for the data collected. If apps disclose their permissions, as I am sure most do, and their privacy policy matches the collection and use of data, then we, the users, are the ones that need to be vigilant and ascertain whether the data collected is in context. And even if the collection is out of context, we need to decide whether the service the app provides us equals the value of the data collected.
A practical test
When downloading an app for a particular function, remember that there are choices. To demonstrate how the permissions requested differ between apps that provide similar functionality, I searched for ‘battery saver’ in the Google Play store. Below is a table of the first 5 apps listed (in the order they were displayed):
The above is purely to demonstrate the differing number of permissions and how key permissions such as location and file access can differ on apps that have seemingly similar functionality.
Managing the apps on your phone and the permissions they have is good housekeeping. Rather than playing Candy Crush at the departure gate or bus stop, take a few minutes to uninstall unused apps and take a look through the permissions of apps you decide to keep.
You can check the app permissions you have enabled by heading to the Apps section of Apps & Notifications. Find the app, scroll down until you find permissions, and take a moment to review them, toggling off any that you don’t think are necessary.
There is also the ability to do this by feature. For example, if you look at Camera permissions you can see all the apps that have this permission and toggle them on/off as you see fit. Declining an app certain permissions does not mean it will stop functioning altogether; it may just limit the functionality.
If data is truly more valuable than oil, then understanding the value of our personal data is essential as companies will be motivated to collect it to generate revenue. We, the consumers, must step up and engage in controlling, or at least understanding, the data we trade with companies to gain access to their services.