Mobile Apps, Your Data, and your digital Shadow

‘There’s an app for that.’

Mobile Apps, Your Data, And Your Digital Shadow .jpg

By Gary Weisenborn

The meteoric rise of apps—a business that barely existed 10 years ago but now dominates daily life and conversation—is here to stay. Entire businesses now revolve around them and fortunes have been made on them.

As useful and entertaining as apps have become, so fully integrated into our daily lives that we now can’t imagine functioning without them, users need to be weary of their full capabilities. Our age, interests, purchasing habits, frequented locations, health, and social maps are all up for grabs by developers. This invaluable information creates our digital shadow, which can be packaged and sold to the highest bidder.

According to Me and My Shadow, “When we use digital services through our laptops or mobile phones, we actively and/or passively leave digital traces. On a daily basis, we might browse the Internet, access news websites, rant on Twitter, post photos on Facebook, comment under YouTube videos, publish blog posts, receive phone calls or send SMS messages. In some cases, our data is collected without our knowledge or consent – like when our browsing habits and IP address are collected while we visit a website. In other cases, we choose to hand over our data to third parties – when we share photos on Facebook, or book a flight ticket, for example. Through all such activity, we leave digital traces which result in the creation of our digital shadow.”

It’s tempting to download the fast-food restaurant app to make ordering ahead easy. But knowing exactly what data that app is collecting, however, isn’t. That’s because many apps engage in irresponsible practices. Once you know how to identify them, you can decide which apps are worth an invasion of privacy – and which aren’t.

Convenience comes at a cost.

Often, apps collect way more information than is necessary – and sometimes share or sell it. Consider the curious case of flashlight apps. It would seem, at least at the first glance, that they exist for a sole purpose: to turn on the LED flash of mobile phones. But surprisingly, many have access to a lot of unnecessary data and phone functions, including your calendars, location and camera.

Such apps that inexplicably request access to your personal photos, camera, location service, camera or microphone usually do so for less-than-helpful reasons, so users are warned to be wary.

If an app has a privacy policy, such practices may be disclosed but according to a 2016 Future of Privacy Forum study, at least 24 percent of top apps still don’t have a privacy policy. And while terms of service agreements and privacy policies are not often read, they offer critical insight into the app company’s commitments – and are legally enforceable.

In fact, in response to such practices, Google now plans to remove apps that handle personal or sensitive data from the Google Play Store if they don’t have privacy policies.

Even trusted brands deserve a second look.

In 2014, the Starbucks app was discovered to be storing passwords, email address, and previous GPS information unencrypted, leaving it exposed. Starbucks addressed the vulnerability shortly thereafter – but it was far from the only app to have faced this issue.

Facebook is another power player that has found a way to access users’ information – even when they don’t have the Facebook app. While users can still access Facebook from their mobile browser, they are required to download the Messenger app for it to have any functionality – thus circumventing the need for users to even download the Facebook app itself. As The Guardian explained, “The real reason that Facebook is pushing chat into its Messenger is to create another platform or silo from which Facebook can access you as a user.”

Even the perhaps lesser-known ‘The Brightest Flashlight’ app, for example, shared its users’ exact location and device ID with third parties – without disclosing it – and was charged by the Federal Trade Commission in 2013. But that’s not often the case.

What can be done?

For all their perceived convenience, it may feel understandably hopeless when it comes to having apps and privacy protection, too. But it is possible to take control of your information. The FTC offers a host of information on how you can protect yourself from data collection, and here are four simple steps to help you maintain your digital autonomy.

  1. Change your settings. Apple iOS tells users which apps have access to what data by going to Settings > Privacy. And Android version 6.0 and up helps users manage app permissions by going to Settings > App > Permissions.
  2. Read the disclosures. Even if you don’t read the privacy policy, at the very least make sure the app has one. You can even take it a step further by checking to see how seriously the app takes encrypting user data by looking at their disclosures in the privacy policy.
  3. Choose apps that exist specifically to protect your privacy. Signal is an app that uses end-to-end encryption to protect your texts and calls. DuckDuckGo is a search engine that won’t collect, store, or share any of your information. Disconnect protects users from tracking and improves device performance. A little shopping around and research could go a long way in finding apps that offer all the convenience without any compromises to your privacy.
  4. Update and maintain your apps. Regularly update your apps, check permissions, and delete unused apps. Surprisingly, many apps can collect even more data when they’re dormant. So if you haven’t used an app in over a month and can download it again easily, consider deleting it.
  5. Stay informed. RedVector, a Vector Solutions brand, provides a comprehensive online IT, security and cybersecurity training library to help organizations and individuals improve improve security. Its library includes over 900 courses with expert instruction and live demonstrations for training on mitigating attacks and vulnerabilities.

The modern conveniences of the digital age have made astounding strides in how we learn, travel, eat, stay healthy, entertain ourselves, stay connected – and more. But such conveniences come at a cost. With a little research and a few simple steps, you can take control of your data, cybersecurity and privacy online when using mobile apps.


About Gary Weisenborn

Author's Bio: Gary Weisenborn is the Chief Information Officer for Vector Solutions. He is responsible for managing the Company’s technology systems and operations. Weisenborn has several years of leadership experience as a senior IT executive, CIO and head of product development with MCI, Verizon (Bell Atlantic), ADP, Convergys and Syniverse Technologies.

More About Gary