New Delhi: In April, 2017, a Virginia Polytechnic Institute study revealed that thousands of apps were sharing user data with each other without permission from users. A month later, the Germany-based Technical University of Braunschweig published a similar report, identifying 234 Android apps that were eavesdropping on smartphone microphones to listen to high-frequency ultrasonic signals (inaudible to the human ear) that were embedded in TV advertisements. The aim: to identify ads that were more popular with users.
This March, Facebook came under fire following reports that the personal data of 50 million users were obtained by an analytics firm, Cambridge Analytica, that helped elect Donald Trump as President of the US. The figure was upped to 80 million. Facebook was also criticized for collecting call and text message histories of Android users through its app. Facebook countered these charges on the grounds that these were optional features on Messenger or Facebook Lite apps, but regulators are not convinced.
Every app needs a certain amount of access to a smartphone’s resources to function and provide customized services. Social media apps require access to camera, gallery and microphone as most of their features revolve around these phone components.
Denying permissions to an app often means a certain amount of trade-offs. Users won’t be able to take advantage of a specific feature in an app, which was denied permission.
For instance, Instagram will require permission to access your camera when you want to upload a photo. Facebook will ask for permission to access the camera and microphone if you want to use Facebook Live. Similarly, WhatsApp will require access to your contacts to sync them with WhatsApp contacts.
However, these permissions are relevant in their context, but do not make sense for an e-commerce, video streaming or productivity app. An email app like Gmail will require access to storage only if a user wants to attach a file in the email.
Another area where permissions are misused is accessibility services. It is a set of permissions that allows apps to access data in other apps. It is meant for users with motor impairments, who want a spoken response from apps. Anti-virus apps use them to scan other apps and data on phone.
Misuse of accessibility services has wider implications than app permissions. Infected apps can use it to implement keylogger over a banking app or launch a phishing attack.
Google is clamping down on misuse of accessibility permissions and asking developers how their apps are using the permissions. Failure to comply can result in the removal of app from the Play Store.
However, denying accessibility permission to an antivirus app will interfere with some of its primary features such as scanning.
The roll-out of the European Union’s General Data Protection Regulation and the clamour after the Facebook scandal have compelled app developers to revise their privacy policies and make them comprehensible to users. The Telecom Regulatory Authority of India recommendations and the impending Srikrishna committee report on data protection will give more power to users. Regardless, users must review their app permissions.