ICO: 85% of Mobile Apps Failing on Privacy

Some 85% of mobile apps fail to inform users how they collect, use and dispose of personal information, according to a new study by privacy watchdogs across the globe.

The research, undertaken by the Global Privacy Enforcement Network (GPEN) of 26 privacy regulators, analyzed 1,211 mobile apps.

It found that, aside from failing to provide basic privacy information, a third requested an “excessive” number of permissions to access personal info, while 43% failed to provide privacy information which could be read adequately on a smartphone.

Text was frequently rendered in too small a font, or else users were required to click through multiple pages and/or scroll horizontally as well as vertically to read important information, the ICO said.

“Apps are becoming central to our lives, so it is important we understand how they work and what they are doing with our information. Today’s results show that many app developers are still failing to provide this information in a way that is clear and understandable to the average consumer,” said ICO technology group manager, Simon Rice.

“The ICO and the other GPEN members will be writing out to those developers where there is clear room for improvement.”

The UK’s privacy watchdog did find examples of best practice, however.

This included use of “pop-ups, layered information and just-in-time notifications” to enable users to read privacy info on small screens.

Other apps explained what they would as well as would not do with personal information, while some apps provided links to the privacy policies of advertising partners, the ICO added.

“Others gave users the option to ‘opt-out’ of the ‘help us with analytics’ feature, which uses software to collect user information to improve the performance of the app,” it said.

Andersen Cheng, CEO of encryption firm SRD Wireless, argued that many apps store more user data than they need and then share it with other applications “in ways that simply aren’t secure.”

“All of this can turn individuals’ personal information into a goldmine for identity thieves, spammers and others: as even with the best of intentions, app developers and operators can always fall victim to data breaches and attacks that spill the data of thousands or even millions of individuals,” he added.

“Also remember you are not always the target: you have all your contacts’ data as well, and sometimes it is your friends and family that ID thieves are after.”

Cheng recommended users “take back control of their own data” by shunning apps which fail to store only the minimum necessary data.

“Since any data can be used to guess passwords and security question answers, users should take care that their own passwords and answers are entirely randomised and bear no relation to the question itself,” he added.
