Be Aware of App Traps

AN39-1-MGT-IntonetI have finally joined the rest of the world and acquired a tablet computer.

I am not a gadget oriented type and only did so to satisfy some needs that were becoming somewhat pressing. As I have told you in the past, my extended family owns a whole arsenal of mobile devices and my eleven year old granddaughters have educated me to an impressive level of competence in these.

With this superior knowledge I understood that to make the device perform some of the tasks I required one had to get the appropriate apps; after all that is what we call software on everyday computers. In searching for such apps I was quickly overwhelmed by the sheer number available for me to choose from. But which one was the best?

Searching amongst many hundreds of thousands it became obvious that the majority were authored by reputable companies leaving nevertheless quite a few with unknown or dubious pedigree. But so what?

The vast majority are stylish, distinct chunks of software that live online or in your smartphone or tablet. To "buy" an app, all you have to do is click a button. Sometimes they cost a few dollars but many apps are free. That may be so at least in monetary terms but you often pay in another way. Apps are gateways and, when you buy an app, there is a strong chance that you are supplying its developers with one of the most coveted commodities in today's economy: personal data. After all, he can write what ever code he wishes into his little program and yes, he does have to make a living. And therein lays the rub!

This kind of information is the coin of the realm in the personal-data economy. The $28 billion online advertising industry is fuelled largely by data collected about users' web behavior that allows advertisers to create customised ads.

That is self evident even in plain PC browsing. You too must have thought it strange that, while visiting a site in Italy, you were confronted with an ad from your bank in Australia yet no app was apparent. That bit of black magic is simply achieved by monitoring your IP address that your browser broadcasts every time you go online. But back to apps.

As an outstanding and significant example we find Facebook apps are generally free, but they are also big business, particularly games that sell "virtual goods". The software company Zynga, maker of popular apps including FarmVille and CityVille, had revenue of $1.14 billion in 2011 yet reportedly it was unprofitable. The company went public this last December, and its stock-market capitalisation is currently more than $8 billion. Makes me wonder what I am doing wrong?

Facebook is considered to have one of the most advanced privacy models for its apps because it lists nearly every type of data sought — and provides users with the ability to reject apps' requests for some types of data. Smartphone apps often lack privacy policies and don't offer as much information and control over their use of personal data.

So having chewed over that for a while I decided to be brave and download some of the apps I needed.

To my surprise those that came from recognised sources all displayed concurrence screens in various flavour advising me of what information would be collected and what, if any, adjustments to my system settings would be made. Many requests seemed quite reasonable; after all, if I wanted to be advised of updates my email address was certainly necessary since I did not have a direct phone system installed but intended to rely on wi-fi connections. Naively, I did want to block some options only to discover that the app would not install. A case of "my way or – too bad!" And that dear reader is the story for most apps. The only way to install them was to accept all the data gathering they advised you of in accordance with a variety of privacy standards.

My tablet uses the Android operating system as in my view iPads are too dictatorial in a number of ways. They also do not display any information at all but just install their apps. Apple reassures their users that they have scanned all apps for malware and compliance with their standards, whatever that may really mean. Another case of blind faith.

Having raised a string of concerning questions in my mind I hunted around for an app analyser – one that could tell me what information was gathered, how it was dispersed and the control a user could exert. It did not take me long to find suitable software, install it and scan all my installed apps. And you have guessed it. With few exceptions a whole array of information stored on my device was mined, recorded and forwarded to goodness knows who. Some of this information was necessary if I wanted to locate my tablet, find the nearest hospital or ATM but what did my browsing history, contact list or machine details have to do with a stranger? It was also curious that many of the pre-installed apps could not even be scanned.

Social network services seem to be the greatest miners of personal information. As we all know Facebook was forced to change most of their security options. Yet one report detailing examination of 100 of the most popular Facebook apps found that some seek the email addresses, current location and sexual preference, among other details, not only of app users but also of their Facebook friends. One Yahoo service powered by Facebook requests access to a person's religious and political leanings as a condition for using it. The popular Skype service for making online phone calls seeks the Facebook photos and birthdays of its users and their friends.

Yahoo and Skype say that they seek the information to customise their services for users and that they are committed to protecting privacy. "Data that is shared with Yahoo is managed carefully," a Yahoo representative said.

But I heard a similar assurance delivered on TV by one of our major supermarkets launching their latest promotion and reassuring all potential shoppers that when their new benefits card was scanned information would only be available to the store and their "partners". Can they really guarantee what such a third party does or may do? One has to doubt this and then wonder what happens if another partner is brought into the fold later.

In case you are curious some of the more common data trawled by some apps are: age range, Facebook ID, full name, gender, list of friends or contacts, locale, networks, network tower ID, profile photo, email address, birthdays, employment history, system's log file data, modify browser's history or bookmarks, create network sockets, modify your system, modify your preferred settings, change wallpaper... and the list goes on.

I can see the legitimacy of specific data usage for many apps but not for all and certainly not for a game like the ubiquitous Angry Birds.

So no matter where one turns privacy continues to be a worrisome issue. I can only advocate diligence whenever using any web based system, reward cards or playing "innocent" games. Beyond that I guess you do as I did, capitulate and join the rest of the world and accept what is being proffered and do so wittingly or unwittingly because that is how we market in the twenty-first century.

Arvo Elias
Cybercons