/ Technology

How much do smartphone apps know about you?

App data

From dating to fitness, travel to cooking – I bet you have a wealth of apps on your smartphone. But every tap, swipe and download, creates a mass of data that’s sent back to the app’s HQ.

We wanted to know what happens to this data, so we asked security experts First Base Technologies LLP to test 40 popular Android and Apple apps.

Data dive

First Base monitored the communication between the app, phone and internet to see exactly what information is being collected, how often, whether it’s encrypted correctly and who it’s being sent to.

We discovered that apps are not as well-behaved and security-conscious as you might expect.

For example, we found that photo app Instagram sends photos without using encryption (a means of scrambling the data so that it can’t be deciphered) – even those from accounts that are marked as private.

We asked Instagram about this and it said it would be rolling out encryption to all photo URLs, so in future all your images should be secure.

We also found some very nosey apps which ask for permission to access lots of information and features on your phone.

While some permissions are necessary for the app to do its job – Google Maps isn’t much use unless it knows your location, and you wouldn’t be able to upload your photos to Facebook without granting access to your photo album – we did find some apps asking for permissions that seem somewhat unnecessary.

And it certainly seems a step too far that MyFitnessPal needs to know who I have saved in my contacts. It’s there to monitor the size of my waistline, not my friendship circle.

Over to you

So how do you feel about sharing information with your apps? Are you happy to share your information to help support the app’s service?

Comments
Profile photo of duncan lucas
Member

I do not have a cell-net phone but I am in complete agreement with the Convo . People come onto Which very irate about their personal details being known and they daily without thinking give them all away if not from a “smart”-phone then by normal use of a computer . The public have no conception about the massive gathering of your data and I dont mean GCHQ I mean nearly every commercial business in existence for profit . As I said on another Convo in the US its now into many Trillions of $$$$ for businesses ,it was $650 Billion in 2002 in the US according to their official figures . What it is in the UK I havent found out yet but must be at least the US,s old figures .

Member
Bianca Schmitz-Culbert says:
30 May 2016

I only use Apps, which are free, and if I give something else (in this case, data) in return, that sounds a fair transaction to me. HOWEVER, I want to be really clear from the beginning re what data the app is going to access, so I can make a fully informed decision whether or not to enter this transaction.

Member
Tom Wills says:
30 May 2016

I think the situation with Android app permissions is way out of control. It’s bad enough that some apps ask for unnecessary permissions. What makes it worse is that there’s no option to be selective about which permissions you grant. On several occasions I’ve been uncomfortable about granting apps access to my address book, but the only alternative seems to be not to use the app at all.

At least on iPhones and iPads you’re asked which permissions to grant to each app. But then Apple seems to be much more aggressive when it comes to keeping you (and your data) locked in to their services – for example, my parents had to download iTunes on their PC just to transfer photos to their iPad.

Profile photo of Davy Nook
Member

I have a higher regard for the privacy of my contacts (friends, GP, other organisations I may use) than for data-gathering apps.
A simple expedient is to keep those details in a file rather than any built-in known location(s). It is still quickly accessible for any use you may have for it but not available for nosey-parkers.
An inexpensive shielded smartphone holder prevents communication and in conjunction with “flight-mode” allows varying degrees of restricting to times it is convenient to you to use.
There is no other way to restrict radio access to a radio device and any “security” procedures can be circumvented by a reasonably competent “cracker” until end-to-end encryption is universal. That should be pursued quickly to frustrate 1984 legislation.

Profile photo of John Ward
Member

There was an interesting Which? Conversation called “Which apps make you ‘appy?” [08/03/2013] that showed that although there are countless numbers of apps available most people only use a small number. Unfortunately the Conversation has only attracted six useful contributions to date, the last one being two and a half years ago. Most contributors seemed to have three or four favourites [like travel info, Skype, i-player, weather, and hobby/pastime related] and the entire spread was only a couple of dozen. It is possible that people are using many more apps than they will own up to.