From dating to fitness, travel to cooking – I bet you have a wealth of apps on your smartphone. But every tap, swipe and download, creates a mass of data that’s sent back to the app’s HQ.
We wanted to know what happens to this data, so we asked security experts First Base Technologies LLP to test 40 popular Android and Apple apps.
Data dive
First Base monitored the communication between the app, phone and internet to see exactly what information is being collected, how often, whether it’s encrypted correctly and who it’s being sent to.
We discovered that apps are not as well-behaved and security-conscious as you might expect.
For example, we found that photo app Instagram sends photos without using encryption (a means of scrambling the data so that it can’t be deciphered) – even those from accounts that are marked as private.
We asked Instagram about this and it said it would be rolling out encryption to all photo URLs, so in future all your images should be secure.
We also found some very nosey apps which ask for permission to access lots of information and features on your phone.
While some permissions are necessary for the app to do its job – Google Maps isn’t much use unless it knows your location, and you wouldn’t be able to upload your photos to Facebook without granting access to your photo album – we did find some apps asking for permissions that seem somewhat unnecessary.
And it certainly seems a step too far that MyFitnessPal needs to know who I have saved in my contacts. It’s there to monitor the size of my waistline, not my friendship circle.
Over to you
So how do you feel about sharing information with your apps? Are you happy to share your information to help support the app’s service?