Our mobile phones can a number of things about ourselves including where we live and work, who our family, friends and acquaintances are; how (and even what) we communicate with them; and our personal habits. With all the information stored on them, it isn’t surprising that mobile device users take steps to protect their privacy, like using PINs and Passwords to unlock their phones but rarely use the same precaution to protect information that is gleaned and stored on servers.
The Mobile Computing Model: Data Meets Algorithms
Mobile apps use databases for much the same reasons desktop and web applications do. Databases allow you to store data in a secure place so you can access it later. However, apps cannot directly use external databases to store this data. Either way, your app has to work as if none of this happens. Mobile databases are the keys that make this possible.
Developers don’t have ultimate control over where the data they collect ends up. Many app developers are trying to make money off their apps, and a common way to do that is to offer it for free and hook up with an ad network. Those ad networks have existing app libraries — resources with pre-written code that developers use. Both iOS and Android apps are capable of accessing your phone’s microphone, cameras, camera roll, location services, calendar, contacts, motion sensors, speech recognition, and social media accounts. Some of this access is necessary: a photo app doesn’t work without access to a smartphone’s camera, just like a ride-hailing app like Uber doesn’t work without location information. Reject those permissions, and you’ll be denied access to use the app.
An app doesn’t just collect data to use on the phone itself. Money lending apps, for example, send your location to a server run by the app’s developer to calculate the credit risk before granting you a loan. The app can send data elsewhere, too. As with websites, many mobile apps are written by combining various functions by other developers and companies, in what are called third-party libraries. These libraries help developers track user engagement, advertise and integrate with social media and other features, without having to write them from scratch. However, in addition to their valuable help, most libraries also collect sensitive data and send it to their online servers – or to another company altogether. Successful library authors may be able to develop detailed digital profiles of users. For example, a person might give one app permission to know their location, and another app access to their contacts. These are initially separate permissions, one to each app. But if both apps used the same third-party library and shared different pieces of information, the library’s developer could link the pieces together. This is possible through advanced algorithms that compute various dimensions of the various data sets and build a recommendation engine.
Recommendations: Ask for Permission or Forgiveness
For now, until stricter rules are in place, most of the onus still falls on the smartphone user to try to make sense of privacy permissions. One of the things that’s really lacking right now in permissions is not only consent, not only informed consent, but ongoing consent
I would recommend avoiding automatically granting permission to apps to access all the data they want. Be aware that, often, the app can still function without the permission. Let’s reduce our knack of getting things for “free” Try installing a paid, ad-free version of an app instead!
