/ Technology

Taking control of the personal data on your mobile phone

Smartphone and eye

When you download an app onto your smartphone, do you know what personal data you’re handing over? Anette Høyrup of the Danish Consumer Council has been putting apps to the test.

We’ve all experienced it: yet another popular app has found its way onto our smartphone and with a few clicks it’s installed. It may be a fun game, Facebook Messenger or a health app that reminds you to do your daily exercise.

Whatever the type, apps often ask for access to your location, calendar, contact information, microphone and private text messages. In short, you have to consent to give over some of your phone’s data to use any app. The question is; how much data are you really handing over?

Data harvesting technology

I work as an expert on digital matters at the Danish Consumer Council, and a while ago we tested the policies of 35 apps. We’ve also developed our own app, so we could see with our own eyes how app developers can transfer your personal data to the company’s computer. It’s pretty wild to see your private text messages being copied to a company computer just like that!

Apple or Android?

How you control the data you share with apps depends on your phone. On iPhones, you can go to the phone’s settings and under ‘anonymity’ you can withdraw data from each app.

On Android phones you’ll see a list of the permissions each app requires before you download them, allowing you to accept or decline. The latest version of Android (Marshmallow, 6.0) gives you greater control, allowing you to retrospectively grant or deny permission for each app, similar to on iPhones. However, only a few phones come with this new version, or have so far been updated with it.

Difference between physical and digital world

In the real world, where you stand face-to-face with a salesperson in a shop, you’d be very surprised if you were asked to provide information as a condition of being allowed to buy a pair of pants or a loaf of bread. We decided to see how people would react to this with a hidden camera, so check it out for yourself:

There’s no such thing as a free lunch

It could be argued that your private data is a reasonable payment in return for a free app, compared to a loaf of bread you have to pay for. It can allow the company to use your data for targeted advertising and is therefore of value to them. Other times the data is required for the app to work. For example, WhatsApp asks for access to your photos so that you can send and receive photos in the app.

Your data can also provide added functionality. In this case it’s good to be on your guard. Facebook Messenger can ask for access to your private text messages, reportedly to let you text all your phone and Facebook contacts in one place. If you’re not comfortable with handing Facebook Messenger this data, then make sure not to accept it.

Of course, we’re most concerned about the times that apps ask for personal data they don’t necessarily need. Why should a torch app need your GPS location, for example?

The right to privacy

Although privacy legislation hasn’t kept up with digital developments, there are still rules which say that data collection must be objective and necessary. And these rules also apply to US companies.

Moreover, technology that protects consumers’ privacy as a default is a new important principle included in the upcoming modernisation of the EU Data Protection Act.

But what do you think? Do you think that we often have provide too much personal data to use apps? Or do you think our data is just the price we have to pay for living in a digital world? Would you prefer to pay for apps rather than hand over your personal data to get apps for free?

This is a guest contribution by Anette Høyrup of Forbrugerrådet Tænk, the Danish Consumer Council. All opinions are Anette’s own, not necessarily those of Which?

Comments

A very important subject and Which? should be much more on the front-foot regarding these matters. Reviewing smartphones suggests to me that Which? also needs to highlight downsides in a user-friendly way and this may be by referencing a site that does follow apps and reports on the scandals.

On that basis consumers may be suitably wary and choosy on app adding. A warning board for App happy? : )

I think Which?

This comment was removed at the request of the user

How very apt. Reported in the Guardian today are the exploits of Facebook who have “form” for manipulating the news through their app in an experiment.

This is one that has just come to light:
” Facebook’s habit of experimenting on its customers has again led to anger, following allegations that it deliberately broke its app for a small number of users to see what they would do.
In a report from tech journal The Information, Facebook is accused of selectively crashing its Android app, for long periods of time, in an effort to discover the threshold at which users just give up and go away. But the lure of Facebook proved too strong: “The company wasn’t able to reach the threshold,” the site says, with someone familiar with the experiment adding that “people never stopped coming back”.
Even if the app was broken for hours on end, people simply used the mobile web version of the site, rather than not use Facebook.”
Article: Facebook accused of deliberately breaking some of its Android apps

Hi all, Duncan I am curious and have been for some time
Is it possible that SKY harvest and use your preferences to direct adverts toward your habits
On the nights wifey works I visit a cousin nearby, maybe more like a brother as I was near brought up with them
They obviously do/view things different to us.
For some reason I feel I see adverts I dont see at home
We have a complete package of Satellite, phone and broadband from SKY for about a year now
I know that the box has and does use the wifi for many things as the symbol comes up when your wanting a view at something you missed but I’m beginning to think that they more about me than I do.
Could they have a few or several different series of add’s for differing types of viewers/web users

This comment was removed at the request of the user

Cisco says
” Sky made substantial commitments, both commercially and in terms of resources, to develop a first-of-its-kind Targeted Advertising solution that would transform the TV advertising industry. Working with innovators across the company’s TV, advertising, and analytics arms, as well as external partners including Cisco and BARB, in January 2014 Sky officially launched the service that was the culmination of this multiyear effort: Sky AdSmart.
Sky AdSmart is not a single algorithm, application, or technology. It is an end-to-end digital delivery chain for personalized advertising, spanning the entire broadcast system including transmission technologies, STB software and hardware, data collection, and reporting, all designed to operate on one-way satellite systems. The solution includes:
● State-of-the-art back-end system that controls scheduling of AdSmart ads, taking into account business rules and regulatory restrictions governing ad placements
● Sophisticated ad-targeting engine that classifies viewers according to 90 combinable audience attributes
● Transparent, frame-accurate ad insertion that can imperceptibly swap targeted ads into linear programs
● First-of-its-kind viewing measurement capability that can measure advertising exposure across 500,000 subscribers, encompassing 40 million viewing events a day (for example, every time a viewer changes channels, pauses, rewinds, etc.)
● Mechanisms to download Sky AdSmart software and advertisements to millions of Sky+ HD STBs without disruption to viewers, converting deployed hardware to dynamic ad servers without the need to replace customer hardware
● Aggregation of third-party demographic data with Sky IQ, Sky’s data analysis division”

And remember you are paying Sky for the adverts : )

When going from Which? front page to this page, why do I have the following in my cache:
http : // ….
partner.googleadservices.com…..
s3.amazonaws.com…….
tpc.googlesyndication.com…….
wca-assets-which-prod-euwest1.s3.amazonaws.com…….
google-analytics.com……..
googletagmanager.com……….
i-ytimg.com……..
securepubads.g.doubleclick.net…….
static.doubleclick.net/instream/ad_status.js

And I did clear my cache before going from one Which? page to the next.

Hello Alfa, all the Amazon URLs relate to our server. We use Amazon Web Servers, based in the EU, to keep the website up for you to access. The Google Analytics is how we track the traffic to the website, which pages are visited and where the traffic has come from. The DoubleClick reference relates to the panels you sometimes see on the right-hand side, showing our nuisance call reporting tool for example. This system allows us to show useful content relevant to the page you’re on. It doesn’t track you or collect information about it, just shows you the right promo on the right page and let’s us know how many people are clicking on them. The i-ytmig.com isn’t to do with us, but it’s when we embed YouTube videos to watch. I hope that explains what those are.

The cache is a bit different to cookies, but if you’re interested to read about our cookie policy, you can here: http://www.which.co.uk/privacy-policy/cookie-policy/

Thanks for the explanation Patrick.

I did wonder when they made brief appearances on a long running script.

From Wiki ” In April 2015, AWS was reported to be profitable, with sales of US$1.57 billion in the first quarter of the year, and US$265 million of operating income.” (AWS – Amazon Web Servers located in 11 geographic locations across the world).

I wonder if they pay any tax?

I presume that there is no conflict of interest in using AWS, what with convo critics of Amazon for promoting unsafe products.

I wonder when Google, Amazon, News Corporation and the like will be just too influential to argue with?

🙁

This comment was removed at the request of the user

I normally get a warning that the app wants to access a list of data! I am inclined to deny access, but am worried that by denying access, the app will not work! I feel that it is an ‘all or nothing’ decision! Is the decision for each piece of info requested to be individually accepted?
I don’t want to provide much of the information requested, but want to select which data to provide and which not!

This is something I’ve felt strongly about for quite some time. But it seems there is nothing we can do about it unless an organisation with some weight behind it, e.g. Which?, takes up the reins.

And it’s everywhere. Why, for example, does the Which? Magazine Android app need access to my contacts?

Personally. I use a radical alternative whereby I only use my phone for voice and texts. Then I have PCs from which I can surf the net.

I work in IT security and am all too conscious of this pervasive and frankly nasty trend into an Orwellian snake pit. I started to get annoyed when I noticed that an Android app for a measuring tape wanted something like contacts, GPS, inside leg etc.

I then installed an app that gave me a privacy score for each app. I deleted any apps with poor scores and the result was I left with about 2 or 3 apps. Angry Birds, you know name it went, so my once “Smart” Phone was left with a IQ at near Farage levels. Then Google began to fill up the storage with updates to their apps, so much as I gave up on Android and got a cheap Windows phone instead. I’ve never been happier with a phone. It’s slicker, easier to use and best of all most apps want hardly any extra permissions at all. The few frequent offenders that do, like Facebook Message, Pentagram (Instagram) and What’s App I just avoid like the plague.

The Android app I used to check privacy (or Big Data spying) is called Lookout and is very good.
http://www.androidauthority.com/best-android-apps-privacy-security-98118/ has a good list of 5 apps including Lookout.

This comment was removed at the request of the user

I love the “Orwellian snake pit.” I just love that one. New to me

This comment was removed at the request of the user

This comment was removed at the request of the user

Mrs D. Shen says:
7 June 2018

when you use an IPhone to send & receive gmail. Is it Apple on the IPhone or Google in the gmail that generates the three small boxes with auto reply suggestions? The reason for asking is that as the replies differ according to the text in the message that you might reply to then either Apple or IPhone can actually read your private emails if they can deduce a suitable answer. That is a breach of privacy

This facility has been used on the iPhone for text messages, in conjunction with predictive text. I had not realised that it had appeared in Apple’s mail system too. It works with mobile data switched on, so the suggested words must be stored on the phone. Since phones (not just Apple) synchronise with each other and other devices then there will be sharing. I’m hopeless at typing on a smartphone so it’s useful that my name comes up when I put in the first three characters and I suspect that many of the questionable features of data use are related to user convenience. What matters is what if anything the information is used for.

Edit: I see that Duncan has explained how to turn off the feature.

This comment was removed at the request of the user