/ Technology

How much do smartphone apps know about you?

App data

From dating to fitness, travel to cooking – I bet you have a wealth of apps on your smartphone. But every tap, swipe and download, creates a mass of data that’s sent back to the app’s HQ.

We wanted to know what happens to this data, so we asked security experts First Base Technologies LLP to test 40 popular Android and Apple apps.

Data dive

First Base monitored the communication between the app, phone and internet to see exactly what information is being collected, how often, whether it’s encrypted correctly and who it’s being sent to.

We discovered that apps are not as well-behaved and security-conscious as you might expect.

For example, we found that photo app Instagram sends photos without using encryption (a means of scrambling the data so that it can’t be deciphered) – even those from accounts that are marked as private.

We asked Instagram about this and it said it would be rolling out encryption to all photo URLs, so in future all your images should be secure.

We also found some very nosey apps which ask for permission to access lots of information and features on your phone.

While some permissions are necessary for the app to do its job – Google Maps isn’t much use unless it knows your location, and you wouldn’t be able to upload your photos to Facebook without granting access to your photo album – we did find some apps asking for permissions that seem somewhat unnecessary.

And it certainly seems a step too far that MyFitnessPal needs to know who I have saved in my contacts. It’s there to monitor the size of my waistline, not my friendship circle.

Over to you

So how do you feel about sharing information with your apps? Are you happy to share your information to help support the app’s service?


This comment was removed at the request of the user

Bianca Schmitz-Culbert says:
30 May 2016

I only use Apps, which are free, and if I give something else (in this case, data) in return, that sounds a fair transaction to me. HOWEVER, I want to be really clear from the beginning re what data the app is going to access, so I can make a fully informed decision whether or not to enter this transaction.

Tom Wills says:
30 May 2016

I think the situation with Android app permissions is way out of control. It’s bad enough that some apps ask for unnecessary permissions. What makes it worse is that there’s no option to be selective about which permissions you grant. On several occasions I’ve been uncomfortable about granting apps access to my address book, but the only alternative seems to be not to use the app at all.

At least on iPhones and iPads you’re asked which permissions to grant to each app. But then Apple seems to be much more aggressive when it comes to keeping you (and your data) locked in to their services – for example, my parents had to download iTunes on their PC just to transfer photos to their iPad.

I have a higher regard for the privacy of my contacts (friends, GP, other organisations I may use) than for data-gathering apps.
A simple expedient is to keep those details in a file rather than any built-in known location(s). It is still quickly accessible for any use you may have for it but not available for nosey-parkers.
An inexpensive shielded smartphone holder prevents communication and in conjunction with “flight-mode” allows varying degrees of restricting to times it is convenient to you to use.
There is no other way to restrict radio access to a radio device and any “security” procedures can be circumvented by a reasonably competent “cracker” until end-to-end encryption is universal. That should be pursued quickly to frustrate 1984 legislation.

There was an interesting Which? Conversation called “Which apps make you ‘appy?” [08/03/2013] that showed that although there are countless numbers of apps available most people only use a small number. Unfortunately the Conversation has only attracted six useful contributions to date, the last one being two and a half years ago. Most contributors seemed to have three or four favourites [like travel info, Skype, i-player, weather, and hobby/pastime related] and the entire spread was only a couple of dozen. It is possible that people are using many more apps than they will own up to.

This comment was removed at the request of the user

With a total of 7 posts (including this one) in two and a half years, this convo topic doesn’t seem to be a major concern for those on W?C.

In contrast, the convo about patchy phone reception has received over 1500 posts in a month.

I can’t help thinking that a lot of app users don’t know and/or don’t worry about the issues mentioned here.

Also, for a lot of young folk growing up with smart phones, I think they just take the capabilities, benefits and disbenefits of smart phone usage as fundamental facts of life.

In particular, I think a lot of them prefer to suffer the risks and consequences from things like cyberbullying rather than risking social exclusion by not having a phone and thus being off the net and out of touch with their besties.

It would be useful to have regularly updated information about which apps are best avoided because of security risks or users’ information being exploited. Which? press releases can generate a great deal of publicity and social media has the potential of going further.