ICO Says Mobile Apps Demand Too Much Information

The Information Commissioner’s Office (ICO) says the majority of the most popular smartphone applications fail to explain how they are using users’ data and many demand access to far more information than they need to function.

The UK’s privacy watchdog was participating in a survey by the Global Privacy Enforcement Network (GPEN), which invited 26 such regulators to investigate 1,211 apps. The ICO examined the UK’s 50 top mobile applications.

GPEN’s survey found that 85 percent failed to clearly explain how they were using, collecting and disclosing personal information, with more than half unable to provide basic privacy information and 43 percent did not tailor such details in a format suited for smartphones, either using small text or hiding it in lengthy policies.

Privacy hungry applications

The survey also found that one in three apps appeared to request excessive permissions so they could access more personal details.

“Apps are becoming central to our lives, so it is important we understand how they work and what they are doing with our information,” says Simon Rice, group manager for technology at the ICO. “Today’s results show that many app developers are still failing to provide this information in a way that is clear and understandable to the average consumer.”

The survey did find some examples of good practice, with some apps providing basic information to how data is being used and providing links to more information if requested. Other applications also provided notifications that informed users when the potential collection of data was about to happen.

However, the regulators say more needs to be done to encourage better privacy protection, adding that 49 percent of people haven’t downloaded an app because of privacy concerns.

More must be done

“The ICO and the other GPEN members will be writing out to those developers where there is clear room for improvement,” adds Rice. “We will also be publishing guidance to explain the steps people can take to help protect their information when using mobile apps.”

Anderson Cheng, CEO of SRD Wireless, the creator of privacy-focused application PQChat says excessive data collection is a problem because many apps are set up to make money first and provide a service second, with the industry assuming users have no control over their data.

“The issue is that many apps not only store a huge amount of data on their users in the first place, but then share that with other applications or use it in ways that simply aren’t secure,” he explains. “All of this can turn individuals’ personal information into a goldmine for identity thieves, spammers and others: as even with the best of intentions, app developers and operators can always fall victim to data breaches and attacks that spill the data of thousands or even millions of individuals.

“Also remember you are not always the target, you have all your contacts’ data as well and sometimes it is yours friends and family that ID thieves are after.

“This is exacerbated by the fact that, since their business models revolve around user data, many apps store far more information than they need. For instance, a simple communication app should only need your user ID and contact number. If it then demands access to your date of birth, contacts list and other information it is increasing the risk that others will gain access to your data, as well as that of your friends and family.”

He suggests users reject applications that cannot guarantee they are only storing the minimum amount of data required.

How much do you know about online security? Take out quiz!