Friends mention an exciting new app, or we see a promotion that requires an app to be downloaded, and the rush is on to download the app and start interacting with it. But do we consider the permissions needed by the app? Do we reconcile the permissions against functionality? Do we even bother reading the permissions? Unfortunately, the answer is probably a ‘no’, or at best it may be a ‘sometimes’.
Since October is dedicated to campaigns that promote cybersecurity and privacy awareness, let’s shine the spotlight on the growing importance of being mindful of what permissions we grant to mobile apps, says Carey van Vlaanderen, CEO at ESET South Africa.
App permissions are complex, and it is not always obvious why an app may require a permission. And in reverse, it’s sometimes abundantly clear that an app probably does not need a permission. Take, for example, a battery monitoring app: does it need access to my precise location or the ability to create new accounts? Probably not.
The Netflix documentary ‘The Great Hack’ is an in-depth examination of the data company Cambridge Analytica and how data collected, mainly through social media, was being used to persuade voters in elections how to cast their vote. The narrator, Professor David Carroll, expressed concern that by the time his daughter is 18 there will be about 70,000 data points defining her. The big takeaway from the program is that the data has surpassed oil as the world’s most valuable asset.
While many of the data points will come from information that is voluntarily shared through social media and such like, it’s when data is collected out of context or when least expected that is more concerning. Take the example above: a battery monitoring app needing any precise location seems to be out of context. Is the company tracking me? Why do they need the data point? The same permission is fully understood when using a map and getting directions. Without my location it would be lost. It may even feel like I have gone back in time to the days of paper maps and having no idea where I am.
The category of apps that are typically at the forefront of abusing permissions are flashlight apps that request contact data and microphone access to name a few. Does the flashlight app want to listen to me and know all my friends? The answer is no, but there are plenty of companies to sell this data point to. If apps disclose the permissions and their privacy policy matches the collection and use of data, then we, the users, are the ones that need to be vigilant and ascertain whether the data collected is in context. And even if the collection is out of context, we need to decide whether the service the app provides us equals the value of the data collected.
Managing the apps on your phone and the permissions they have is good housekeeping. Take a few minutes to uninstall unused apps and look through the permissions of apps you decide to keep. You can check the app permissions you have enabled by heading to the Apps section of the Apps and Notifications. Find the app and scroll down until you find permissions and take a moment to review them, toggling off any that you don’t think are necessary.
There is also the ability to do this by feature. For example, if you look at Camera permissions you can see all that apps that have this permission and toggle them on/off as you see fit. Declining an app certain permission does not mean it will not function altogether, it may just limit the functionality.
If your data is truly more valuable than oil, then understanding the value of our personal data is essential as companies will be motivated to collect it to generate revenue. We, the consumers, must step up and engage in controlling or at least understanding, the data we trade with companies to gain access to their services.