The Cambridge Analytica affair has internet browsers asking themselves about social media’s collection and use of personal data. After Facebook, will other Mobile Apps see the cost of this wake-up call? The blurriness which surrounds their uses of our personal data, via vague authorisations, is causing more and more problems.
In general, Mobile Apps have access to the phone’s microphone, camera, location, contacts, and have access to the phone user’s social media accounts. As you can probably guess, this represents an impressive amount of information as well as all types of data. Except that the user has already given permission for this information to be collected. Some apps cannot even work without these permissions; Uber, for example, cannot work without knowing our location.
We would be forgiven for thinking that the apps can only use what we allow them to use. There is another problem however; the authorisation agreements are often simplified and do not tell us exactly what the app will collect and to what purpose. Just as Wired explains, “most people are confused as to what information their apps have and don’t have access to.” Once the barriers that protect our information are raised, it becomes very hard to tell.
Once we authorise an app to collect our data, it is then very hard to calculate how exactly it will choose which information to use. For that very reason, the Wall Street Journal proposed to analyse exactly what happened during a friend’s pizza night. In total, 53 different pieces of information were collected and transmitted to advertisers and companies without the user realising it. This ranged from messages on Messenger, to using Google Maps for getting the pizza, to posting pictures of the food on Instagram…the list goes on. While this example remains anecdotal, it nevertheless serves as a realisation in regards to companies’ constant data collection via our use of Mobile Apps.
A Guardian journalist conducted another experiment, this time using Tinder to try and showcase the colossal quantities of data collected and kept over time. Thus, after asking Tinder for all the data they had on her, Judith Duportail received 800 pages. Which on top of her activity on the app contained her “likes” on Facebook, the amount of friends she had on the platform, her educational and career paths, places she visited according to her Instagram, and much more information.
Another important element to mention is that data circulates not just on our apps. Scientific American tells us that 7 out of 10 smartphone apps share our information with third party libraries like Google Analytics. They then allow app developers to know users commitment rates as well as evaluate how much they frequent social media. However, these apps can also be used to collect information from other applications, ones to which a user may not have given the same amount of information access.
By overlapping information, these apps can thus create precise user “profiles” with factual details ranging from sexual to political preferences. These profiles can then be sent to servers, but also to companies, making them goldmines for targeted ads. Today, very few developers tell their users which libraries they use, which in turn prevents users from knowing which information is used.
Today, national legislations associated with data remain patchy at best, and countries are having trouble protecting their internet users. Web giants like Apple or Google, which allow their users to download apps from their respective stores, have been heavily criticized on the lack of clarity in their security policies.
To show good faith, Google and Apple have asked their developers for stronger security guaranties and have allowed their users to control confidentiality levels, all of which paled in comparison to the scandal’s magnitude. Pushed to the wall, Facebook has attempted to ease user’s minds by offering to review each company and find out what informations were shared from users’ app accounts. However, it seems that a review of data sharing policies needs to be more thorough than that.
Consent cleared up
“Facebook will use location settings to help you find places and enable certain functions.” These types of authorisation messages are among those that are criticized by researches like Gennie Gebhart, who works for the protection of private life at the Electronic Frontier Foundation. According to her, users are not given enough information about what they are agreeing to and what will become of their information once it is collected. It is simply a case, then, of going from consent to a more “cleared up” consent, with notably more information on what happens to our data.
Gebhart adds that, “if Facebook must store your calls and messages forever, your agreement should require more than one click.” The researcher also points out another major challenge; the preservation of data that has already been shared, which is for the moment extremely complicated if not impossible.