ICO Says Mobile Apps Demand Too Much Information

The Information Commissioner’s Office (ICO) says the majority of the most popular smartphone applications fail to explain how they are using users’ data and many demand access to far more information than they need to function.

The UK’s privacy watchdog was participating in a survey by the Global Privacy Enforcement Network (GPEN), which invited 26 such regulators to investigate 1,211 apps. The ICO examined the UK’s 50 top mobile applications.

GPEN’s survey found that 85 percent failed to clearly explain how they were using, collecting and disclosing personal information, with more than half unable to provide basic privacy information and 43 percent did not tailor such details in a format suited for smartphones, either using small text or hiding it in lengthy policies.

Privacy hungry applications

The survey also found that one in three apps appeared to request excessive permissions so they could access more personal details.

“Apps are becoming central to our lives, so it is important we understand how they work and what they are doing with our information,” says Simon Rice, group manager for technology at the ICO. “Today’s results show that many app developers are still failing to provide this information in a way that is clear and understandable to the average consumer.”

The survey did find some examples of good practice, with some apps providing basic information to how data is being used and providing links to more information if requested. Other applications also provided notifications that informed users when the potential collection of data was about to happen.

However, the regulators say more needs to be done to encourage better privacy protection, adding that 49 percent of people haven’t downloaded an app because of privacy concerns.

More must be done

“The ICO and the other GPEN members will be writing out to those developers where there is clear room for improvement,” adds Rice. “We will also be publishing guidance to explain the steps people can take to help protect their information when using mobile apps.”

Anderson Cheng, CEO of SRD Wireless, the creator of privacy-focused application PQChat says excessive data collection is a problem because many apps are set up to make money first and provide a service second, with the industry assuming users have no control over their data.

“The issue is that many apps not only store a huge amount of data on their users in the first place, but then share that with other applications or use it in ways that simply aren’t secure,” he explains. “All of this can turn individuals’ personal information into a goldmine for identity thieves, spammers and others: as even with the best of intentions, app developers and operators can always fall victim to data breaches and attacks that spill the data of thousands or even millions of individuals.

“Also remember you are not always the target, you have all your contacts’ data as well and sometimes it is yours friends and family that ID thieves are after.

“This is exacerbated by the fact that, since their business models revolve around user data, many apps store far more information than they need. For instance, a simple communication app should only need your user ID and contact number. If it then demands access to your date of birth, contacts list and other information it is increasing the risk that others will gain access to your data, as well as that of your friends and family.”

He suggests users reject applications that cannot guarantee they are only storing the minimum amount of data required.

How much do you know about online security? Take out quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago