Privacy is one of those topics which seems to consistently be in the news. Which, while at times can appear as scaremongering, is understandable. Smartphone owners do care about privacy and with mobile devices now having more access, to more information, than they ever have before, the possibility of that information getting into the hands of the wrong people, or anyone for that matter, is more of a concern than ever.
Well, a recent study by researchers at the Carnegie Mellon University has found that a good number of apps on the Google Play Store seem to be not quite right when it comes to their privacy policies. That is, the apps are either acting in a way which is not in line with their stated privacy policy, or they lack a privacy policy altogether. To put this later point into perspective, the study found that nearly half of “18,000 popular free apps” seemed to lack a privacy policy. This was in spite of the findings suggesting that 71-percent of those 18,000 apps were processing personal information. Including information which can identify a user. With some of the other stats being touted including 41-percent of the apps “could be collecting location information” and 17-percent of apps sharing that same collected information.
Now, it does need to be made clear that a lot of the language used in this report consists of ‘could’, ‘might’, and so on. As no apps are specifically mentioned and the study does seem to be clearly saying that these figures are not a firm representation. One of the reasons the study is not being so definitive is that the gathering of this data was conducted through the help of an automated analysis system. As such, the study does point out that there is the possibility that the automated system was not able to actually find the correct privacy policies which would accurately reflect the behavior of the apps – that is, it is not that they don’t exist, just the automated system was unable to locate them. Likewise, the study picks up on the fact that it might not necessarily be the case that developers are deceiving app users, but more so, that they might be unaware they are actually collecting and/or sharing data. For instance, Norman Sadeh, one of the researchers involved in the study points out that if an app is using Google Maps, then by association, it is ‘processing location information’ and by using the app, the user is “effectively sharing personal information with Google.”
Therefore, the takeaway which seems to be the focus of this study is that whether intentionally or not and whether to the scale being suggested or not, it could be the case that apps are not exactly conforming to the privacy policy that a user of the app might be led to believe is in effect. As well as the importance for app developers to ensure that their apps are indeed conforming to the privacy polices that they have set out.