Mobile Apps Asking for Permission: Grant or Deny?

As mobile device usage has grown massively, developers have raced one another to create better and better apps with each release. But when it comes to privacy, are apps actually getting safer?

Android's Play Store prompts you to accept the permissions an app requests from your device before installing it. Most people do not pay attention and simply download the app, which can open the device to data theft, spam and malware infections.

There are a few basic rules to follow when downloading an app. First, check where it is coming from. Second, pay attention to the permissions it needs. Although these are the best ways for users to avoid unwanted outcomes, they do not guarantee safety. App developers don't always know what they're doing, and this can leave the app vulnerable to some level of hacking.

If an app taps into your personal information, this can expose your data (contacts, location, messages, etc.) to others.

An Android app can ask for more than a hundred different types of permissions. According to a study, 33 percent of Android apps request more permissions than they actually need. Other research found that of the 83 percent of users who paid attention to permissions, 97 percent couldn't correctly identify what the app permissions were used for, and 42 percent didn't know what those permissions are.

Most apps from reputable developers play by the rules when it comes to how permissions are used. But that is not always the case. The mobile social network Path was caught uploading users' contacts from their address books to its servers without permission. Path apologized and said it has wiped the data from its servers, but less scrupulous developers have little incentive to do so.

On the other hand, Apple's App Store can generally be trusted, as it screens all apps before publishing them. The few apps that have been discovered behaving badly, or found to violate its terms of service, are taken down quickly. On the downside, Apple doesn't explicitly show the permissions an app has been granted the way Android does. Android developers aren't subjected to the same type of screening as iOS developers, and their apps can behave differently. This has made Android more prone to scam apps.

Users can't be totally safe. By installing more apps, they decrease the chances that their personal information is kept safe. But they can at least stop and ask a few reasonably simple questions to see if the people behind each app have the right priorities.

Why Give Personal Information?

Mobile apps may need to access several parts of your mobile device, for example your contacts' information. Some users may find this unnecessary, but it does help the app perform as intended. Contact information such as email addresses can be used by apps to identify which of your contacts use the same service.

A phone number, on the other hand, is an inconvenient bit of personal data to have leaked. Users should be more concerned about apps that ask for phone numbers. There is no spam filtering for most phone numbers, so users don't want their numbers getting out.

Having an email address fall prey to a data breach isn't as painful, because spam filters are getting good at their job. Using Facebook or Twitter to sign in to an app won't expose your password if the app is later hacked. And on these social media networks, people can see what privileges an app has to access their social accounts.

Both Android and iOS leave it to developers to explain why they need to see personal data. Some do so in release notes that may not be read, while others explain as the user uses the app.

What App Does What?

The number of mobile apps released in their respective stores is increasing fast. The growth is so fast that people can say "there is an app for that". This can be true, and Android's Play Store and Apple's App Store sort each app into a category for easier searching.

App users have limited means to prevent data leaks, even when their phones are jailbroken (Apple) or rooted (Android), which enables altering some permissions. Understanding what an app does and what permissions it needs can help users know whether the app is a scam or not.

For example, what does a battery-saving app actually do? If it works as marketed, it should save battery and do nothing else. If the app asks for the user's location or contact information, is it necessary to do so?
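The battery-saver question above can be checked mechanically against an app's manifest. The following is an added example, not code from the original article: it assumes the `AndroidManifest.xml` has already been decoded to text XML, and the sample manifest, the package name and the set of permissions a battery saver is expected to need are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names mapped to the personal data they expose.
PERSONAL_DATA = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_SMS": "messages",
    "android.permission.READ_PHONE_NUMBERS": "phone number",
}

# Assumption for this example: what a battery saver plausibly needs.
EXPECTED_FOR_BATTERY_SAVER = {
    "android.permission.WAKE_LOCK",
    "android.permission.KILL_BACKGROUND_PROCESSES",
}

# Constructed sample manifest (decoded text form), not taken from a real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.batterysaver">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return every permission declared via uses-permission or uses-permission-sdk-23."""
    root = ET.fromstring(manifest_xml.strip())
    names = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        names += [el.get(ANDROID_NS + "name") for el in root.iter(tag)]
    return sorted({n for n in names if n})

def review(manifest_xml, expected):
    """Split permissions beyond the stated purpose into personal-data and other."""
    extra = [p for p in requested_permissions(manifest_xml) if p not in expected]
    return {
        "personal_data": {p: PERSONAL_DATA[p] for p in extra if p in PERSONAL_DATA},
        "other_unexpected": [p for p in extra if p not in PERSONAL_DATA],
    }

if __name__ == "__main__":
    print(review(SAMPLE_MANIFEST, EXPECTED_FOR_BATTERY_SAVER))
```

A permission landing in `other_unexpected` is not proof of abuse; it is the prompt to ask why the app needs it.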

What Business Model?

Startups and tech companies are usually supported by investors who supply the resources behind them. The massive amount of money makes funding a benchmark of trustworthiness.

Many mobile apps offer their services for free, costing people nothing to use. However, the people who want to use these services "pay" in a different currency, namely their personal data. This personal data is valuable to online companies because they can convert it to revenue: it enables them, and their commercial partners, to target advertisements and other marketing propositions at these free users.

As businesses, startups and tech companies need a business model to know how they can make money. Some of them won't be upfront and honest about it, while others are transparent, saying that ads, for example, are their source of revenue. These are two of the most obvious scenarios.

Users need to know what business model the company behind the app has. Since companies are less likely to be 100 percent honest, users need to be aware that their personal data can be shared with other parties. Any data you give to an app can also be used to further its business purposes in the future.

How Do I Delete My Account?

Many online services and social media platforms have their own website and dedicated apps. Usually, the website works in tandem with the apps, creating an ecosystem where users have the power to grant or deny specific third-party services. However, some apps don't have this feature, and deleting a user's account can be a pain.

Deleting an account in an app can be done through an in-app or online dialog box that includes words similar to "delete account". If the app requires sending an email and the user needs to wait for a reply, then the app's developers haven't thought about privacy thoroughly, or this isn't their business model.

User privacy and the security of mobile apps are of the utmost importance. Since there are many ways that these can be abused, the results can be devastating. All mobile apps on the market should take steps to inform users, before being installed, of exactly what the apps need to work properly, what personal information they are going to access, and what they are going to do with it.

And when a user is through with an app or wants to delete it, the app (or the company behind it) should obey this decision and delete all of the user's data it holds. However, this rarely happens. And even if you can delete your account and data permanently, chances are the steps are difficult to follow or the process is time consuming.

Transparency is the key. This will make developers honest with their users, and in return, they will gain their trust.

Unfortunately, the weakest link in the open disclosure process is the end user. Even if users are informed that an app is going to tap into their information, many people will just approve it and move along. It's bad for apps to do things behind the user's back, so asking permission is a must. Even when that happens, users are their own worst enemy, and they'll end up approving just about anything the app wants to do, even if it sounds bad.