Android users beware! Take notice that all too often your personal information is not treated privately. Applications on your smartphone may fill your day with entertainment but they can also access your information very often without you realising. Apps can access your contact list, track your location, take pictures of your surroundings, record audio and more. It is often unclear to users just what data is being taken and when. Some research claims that up to 80% of the top free applications on Android phones are engaging in “risky behaviour” and it gets worse with paid applications with estimates that over 95% collect personal data.
We know that Google is data hungry. They encourage developers for their OS to implant the permission code into their applications. As a user, you cannot control these permissions. The applications you want to use will access parts of your device, and as a user you can take it or leave it.
Every Android applications needs to declare permissions by listing them on App Manifest file. For example, if your application needs to read the user’s address book, the application needs the READ_CONTACTS permission. The App Manifest file provides essential information about the apps to the Android system. Different android platforms and versions run different API’s/. These determine which part of the phone can be accessed by each application. For example, Marshmallow version running a API Level 23 allows the applications to access fingerprint data whereas the API before this did not support fingerprint feature.
The point being that whilst it’s possible to work out what data your application might grabbing, it’s not obvious and most people have no idea. We also must question whether we are comfortable that data as personal and private as our fingerprint information is being taken and used.
Whilst permissions are divided into two categories, normal and dangerous. (Dangerous meaning the application can access to user’s confidential data). We need to be honest, most users simply do not read the pop up permission messages during install, we are all guilty of just scrolling down and clicking “I Accept”.
As the OS Maker, Google collect all the data to maintain its database, perhaps this is something we need to question more? For the app developers themselves we should also start questioning just how our data is being used. For example, are we happy that they could well be selling it onto third parties such as marketers.
Angry Bird took the world by storm for a few months. It hit the headlines for many reasons, but I don’t recall any press questioning the fact that this innocuous game required players to grant it access to their contact and location data. Why does a game like Angry Bird need to insist on these permissions? Of course, they don’t need to, but they choose to do so, because they monetise by selling that data. In this case to a company called Flurry, an analytics company that matches friends via social media. It’s how companies like Facebook make suggestions for adding contacts or promoting your posts to unconnected feeds. It can even be used to automatically update your contacts without you knowing
If that freaks you out, how about the Shopping reward app called ShopKick? This app gets permission to use your microphone. It will switch on the user’s microphone and record audio without user knowing. It does this to analyse what adverts or TV shows the user is watching to then send real time relevant adverts based on that analysis. It seems innocent enough, another way to target the right content to the right person, but the connotations of how that audio might be misused may not have been thought through or regulated nearly enough.
There is a famous example from California that demonstrates this point. A woman used her debit card to buy 415 of credit for slot machine game purchased in the Google Play store but found that the app quickly used up $5000 that she had not approved.
It’s not just the abuse of individuals that is concerning, we have to ask should so much collective personal data be freely gathered and stored by companies whom we do not know?
From a Big Data perspective, the technology is great and the data incredible, but perhaps it’s time for the Big Data Community to start to self-police. It doesn’t seem that the regulators can keep up with the technology.
Marketing Assistant & Researcher