Managing Intrusive Mobile Apps - A Guide for Users
2021-06-01
In the last decade, mobile applications have become an essential part of our daily lives due to rapid digitalisation. We use them for entertainment, productivity, socialisation and many other purposes. However, the vast majority of mobile apps available today for download are not created with their users' privacy in mind. Hence, most mobile apps are collecting and storing large amounts of unnecessary and personal information from their users. This article discusses ways that users can protect themselves from being trapped in a sticky situation by knowing how to detect intrusive mobile apps.
Understanding App Permissions
A 'permission' in an app protects the privacy of the user of the app. Every app must include an 'app manifest' that, amongst other things, lists the permissions that the app uses.
Every mobile phone has an operating system, most commonly the Android operating system (Google) or the iOS (Apple) operating system. The vast majority of mobile phones are 'Android phones' and they have two 'permissions' categories:
Normal permissions
These permissions do not directly risk the user's privacy - for example, permission to set the time zone is a normal permission. If an app lists a normal permission in its manifest, the system grants the permission automatically.
Dangerous permissions
These permissions give the app access to the user's personal data in their mobile phone, such as contacts and SMS messages, as well as certain system features, such as the phone, microphone and camera. If dangerous permissions are requested, privacy laws do not allow the relevant personal data to be collected, used or disclosed unless the user gives explicit consent by 'accepting' the request for permission to do so.
In addition, privacy laws generally restrict 'dangerous permissions' to personal data that the app may collect, use or disclose while the user is actually using it - they do not allow apps to collect, use or disclose personal data simply because the user downloaded the app. Moreover, excessive use of permissions relative to the app's functionality and purposes may be deemed excessive.
How to look out for intrusive app
To spot an intrusive app, go to the Google Play store, visit the permissions section (view details) and look for what dangerous permissions it requires and whether they are proportional to the purposes and functions of that specific app.
For example, there are 50 apps listed that offer related Singapore MRT information on Google Play Store. Ask yourself what personal information (aka dangerous permissions) the app needs to function and give you information such as MRT routes and related information. Yet there are a few apps that require your phone status and identify, device ID and call information, camera - down to your specific location information. Is that necessary?
It would be reasonable, for example, to expect a taxi app to request access to make phone calls directly from the app or for a messaging app to get access to your location, contact list, storage so you can share your content with several recipients.
But it would be excessive for a shopping app to request permissions
Already a member?
Unlock these benefits
Get access to news, enforcement cases, events, and actionable tips and guides
Get regular email updates and offers
Job opportunities, mentorship and career guidance
Exclusive access to Data Protection community - ask questions, network and share knowledge with peers and experts via WhatsApp and Linkedin
DPEX Network is a Community Initiative of Straits Interactive.
Copyright © Straits Interactive Pte Ltd. All Rights Reserved.
All intellectual property rights to logos and brands featured on this website remain the property of their respective owners.