The apps that know everything about you

Eric MarkowitzEJ Fox Updated - March 10, 2018 at 12:50 PM.

You may be surprised at the amount of data that popular apps are collecting about you

BL08_Mobile_Apps.eps

It’s no secret that Facebook can track pretty much every detail about your personal life. But did you know that Happy Fish—a popular kids game based on the Android operating system—might be a worse privacy offender?

Happy Fish’s developer, HappyElements, programmed the game so that it can collect a trove of information about you (and your kids) through the app. The game knows your precise location, has access to your photos and can read your text messages. It can even tell which Wi-Fi network you’re using.

This is a bit creepy, right?

Plenty of people think so. Just check out some of the reviews on hit games. Fruit Ninja, for instance, consistently weirds people out with the personal data it asks them to fork over. The permissions “are crazy,” writes one reviewer. “I will never install this until it is clear as to why the developer needs access to all your private content.”

Privacy problem

We reached out to Jason Hong, a professor of computer science at Carnegie Mellon and founder of PrivacyGrade.org, a site that ranks apps by how well they respect your personal privacy. Hong is a leading researcher on app security. So we asked him: What do the most downloaded apps know about us, and what do they do with that information?

Hong helped us run an analysis of these apps, and we chose to focus on Android apps for a couple of reasons. First, there are about a billion Android users, which gives them about 62 per cent of the smartphone market, compared with Apple’s 33 per cent. Second, Android, unlike Apple, makes it easy to run a robot to retrieve the permission data easily. But our findings are relevant for any mobile phone user—it’s a barometer of what app makers think they can get away with.

As you’ll see from our chart we’ve listed 25 of some of the most popular apps in the Google Play store, including Skype, Facebook and WhatsApp. There are actually about 60 permissions that these apps can ask for—everything from making your phone vibrate to accessing your camera. For practical reasons, we asked Hong to highlight four permissions that he thought were potentially the most alarming. Across the top, we list those four: contacts, text messages, call log and microphone. All of these are pretty straightforward, but the microphone permission is especially eerie. Imagine all the audio around you being recorded by some app, without your knowledge.

To be clear, these apps don’t actually activate your microphone until you tell them to (e.g. you make a phone call on the Skype app), but in the future, that may change. Facebook freaked out users in May when it announced a new (optional) feature that would let the microphone listen in on your conversations.

If you’re an Android user, this might make you a little uncomfortable. Most people probably don’t even pay attention to the permissions page that pops up before they download an app. It definitely asks you to accept the list of permissions the app is requesting, but it all happens extremely fast. It’s like checking the box on a “terms and conditions” page—easy and forgettable. Most people also probably don’t know that once they’ve download the app, the app will never again ask for permission for anything it’s accessing.

Of course, Happy Fish isn’t the only app that tracks loads of information about you. Hit games like Despicable Me and Drag Racing flunked Hong’s privacy tests. Help or hinder

In fairness, it’s not like most app makers are creepily scanning through your address books and looking for nude photos in your camera roll. There are a few reasons why these apps ask for your personal data.

In some cases, they need it to provide you with certain functions of the app. The simplest example is a map app that asks for your location data—without it, the app isn’t really all that helpful. Same with a Skype app asking for access to make phone calls. Some permissions are a bit more nuanced, but there’s still a clear potential utility for the user. For instance, The Weather Channel app requires access to your device and Wi-Fi settings. Sounds creepy, but they do it in case they want to send your phone a severe weather warning.

But the second reason has nothing to do with pleasing you—it’s about serving up your information to advertisers. “These advertisers are trying to get more targeted information about you, so they can get more targeted ads,” Hong says. For instance, health and wellness apps send your fitness routines and menstrual cycles to advertisers. Foursquare, the check-in app, sells your GPS data so stores know where you’re shopping.

The last reason is the most irritating– and to some people’s minds, worrisome: The developers ask for access to your information simply because they can, and no one is there to tell them to stop. “Most developers aren’t evil,” Hong says, “but they often don’t know what to do with respect to privacy and security.” So they collect reams of data on users without any immediate purpose in mind.

There’s probably not much that users can do about all this, short of shutting off their Android phone, storing it in a locked closet and going for a walk outside. But just like apps are getting to know you better, you may want to get to know them a little better, too.

The article originally appeared in www.vocativ.com

Published on January 7, 2015 15:22