Three quarters of mobile apps harvesting personal data unnecessarily, claims study
- Nearly 87% of Android apps and 60% of Apple’s iOS versions seek access to personal mobile data unrelated to their performance
- Bumble is the UK’s most intrusive popular app, collecting 44% more data than it needs to work and requesting the most permissions to access device features
- Fellow dating app Tinder and social media favourite TikTok are also among the biggest data grabbers of popular UK apps
- The new research by NordVPN reveals that two in five apps (42%) ask for permissions about user activities not connected to their function
Three-quarters of mobile apps are harvesting our personal data due to unnecessary and overreaching developer permissions, according to an analysis of the most popular mobile apps globally by cybersecurity company NordVPN.
Researchers used the privacy checker Exodus to compare the leading apps of 18 different countries including the UK, US, France, Germany, Italy and Spain.
In the UK, Bumble was found to be the biggest offender among the most popular downloads, with 14 out of its 32 requests (44%) about data unrelated to the functioning of its iOS app.
The dating giant’s Android app also sought the most access to users’ devices of the top apps analysed, asking for a total of 46 permissions, including 14 “special” permissions relating to areas storing highly sensitive information.
Typically, iOS apps provide fewer permissions than their Android equivalents, as Apple locks down more features, offering added security but potentially less control for users.
|
UK’s most popular iOS apps (Data and permissions)
|
||||
|
|
Functional data
|
Non-functional data (3rd party advertising, developer advertising, other)
|
Necessary permissions
|
Unnecessary permissions
|
|
Google One
|
16
|
5
|
5
|
0
|
|
TikTok
|
21
|
18
|
4
|
1
|
|
Disney+
|
8
|
6
|
4
|
1
|
|
Bumble
|
18
|
14
|
7
|
1
|
|
Tinder
|
15
|
8
|
5
|
0
|
|
UK’s most popular Android apps (Data)
|
||||
|
|
Functional
|
Non-functional
|
Mandatory
|
Optional
|
|
Google One
|
16
|
6
|
12
|
10
|
|
TikTok
|
24
|
3
|
10
|
17
|
|
Disney+
|
11
|
0
|
9
|
2
|
|
Bumble
|
22
|
9
|
24
|
7
|
|
Tinder
|
18
|
9
|
22
|
6
|
|
UK’s most popular Android apps (permissions)
|
|||||
|
|
Permissions
|
Unnecessary
|
Permissions (Exodus)
|
Special/ Dangerous/ Biometric
|
Trackers
|
|
Google One
|
14
|
2
|
17
|
1
|
1
|
|
TikTok
|
24
|
6
|
35
|
8
|
5
|
|
Disney+
|
8
|
0
|
14
|
2
|
2
|
|
Bumble
|
25
|
6
|
46
|
14
|
6
|
|
Tinder
|
24
|
6
|
30
|
10
|
12
|
Behind Bumble came TikTok for Android, with 35 device permission requests, the second most out of all the UK apps in the study. Meanwhile, Tinder’s Android app contained a dozen trackers, more than any other of the leading apps. While some trackers purely monitor an app’s performance, others are used for marketing, following consumers’ online habits and building up a detailed virtual profile of them, even when the app is not in operation.
NordVPN’s research showed that some data collection practices were so extensive that they suggested the app itself was less of a priority than being able to acquire information on its users. One in seven (14%) apps in the study were found to collect more pieces of unnecessary data than data required for the apps’ performance. Only 8% of apps did not request any unnecessary data.
In total, 42% of all apps studied asked for permissions related to activities beyond its own function, including user data across other applications and websites. Over one in three (37%) of the featured apps sought access to the user’s location, 35% to their camera, 22% to their photo gallery, and 16% to their microphone.
Social media and messaging apps raise the most concerns
Social networking, messaging, navigation, and dating apps require the most significant number of permissions compared with other categories – and also lead the way when it comes to unnecessary permissions. On average, social networking apps request ten unnecessary permissions, navigation apps ask for nine permissions, dating – six, and messaging – five.
Android users can be the least worried about gaming apps. They only request 10 permissions and ask for less than one unnecessary permission on average. While food and drink apps on iOS ask for less than three permissions on average, in terms of unnecessary permissions, productivity apps were the least intrusive, with nearly all sticking to essential requests only.
On average, apps from East Asia ask for the biggest amount of permissions overall – as well as the most unnecessary permissions – with Hong Kong and Taiwan dominating both the Android and iOS charts. Android apps from Japan and Singapore also make a strong showing.
On the flip side, apps from Mexico made the lowest number of unnecessary permission requests and the lowest number of permission requests overall for Android. For iOS, apps from Spain and the US made the least overall requests, while apps from Spain, the US, Italy, and Poland made the least number of unnecessary requests.
Says Adrianus Warmenhoven, cybersecurity advisor at NordVPN:
“Millions of mobile users are unaware that the apps they use every day are collecting unnecessary amounts of their data.
“Permission requests are either being missed, or people are clicking accept without fully realising that most of what they are agreeing to is not necessary to the functionality of the app. This data is then used to track consumer behaviour across other sites and services.
“Users should always consider whether the app needs certain data to do its job, because collected data could be used against our interest. It’s especially important to be more attentive to some categories of apps which are more intrusive, such as social media, dating or messaging apps.
“Make sure you are downloading apps from reputable companies that subscribe to privacy policies and keep downloads strictly to official stores such as Google Play and the App Store. Be wary about apps that ask permission to use your camera when there’s no obvious reason that it would need to.
“Close apps when they’re not in use and delete them if you haven’t used them in a long time. We have seen incidents of apps collecting information for criminal purposes or to infect devices with malware.”
How to protect your privacy on apps
To secure your privacy when using apps, Adrianus Warmenhoven has some expert tips:
- Download from official stores. Unofficial app stores won’t always have systems to check whether an app is safe before it’s published and available to download. Moreover, getting an app from an unofficial source carries the risk of it being modified by criminals.
- Read the app’s privacy policy before downloading. Check what information the app will track and what it will share with third parties. If you’re not happy with the level of privacy, look for an alternative.
- Get to know your data permissions. When you download an app, you’ll be asked to give various permissions to access your data. Make sure they make sense to you. If you already have an app, review all the permissions and turn off the ones you don’t want or need, and consider deleting the apps that ask for many permissions (especially if they’re not needed for the app’s functionality). You should pay particular attention to permissions like camera, microphone, storage, location, and contact list.
- Limit location permissions. Many apps request access to your phone’s location services, so ensure you know which apps you’ve granted access to. It’s best to allow apps to track your location only when using the app, rather than all the time.
- Don’t automatically sign in with social network accounts. If you’re logging in to an app with your social media account, the app can collect information from the account and vice versa.
- Delete apps you don’t use. If an app is sitting unused on your screen and you’re not getting anything from it, delete it. Chances are it’s still collecting data on you even if you’re not using itFor more information about the research go to NordVPN
One thought on “Three quarters of mobile apps harvesting personal data unnecessarily, claims study”
Comments are closed.