Smart devices (Specifically, Android devices) have increasingly become an important part of our life because of the plethora of services it provides in the form of applications. These applications are extending the capabilities of a smart phone in all areas of life such as personal services, financial services, health services etc. in various useful ways.
However, as more people rely on mobile devices, more and more private data about these people can be accessed from their devices. In this article we are going to talk about what it means to let application have access to this data and what are repercussions of this.
Before we discuss this further, some of you might argue that whenever any user uses particular application, he should have gone through the privacy policy of the application before using it and the fact that he is using the application means he has accepted the terms and conditions. In that case he should not have any problem, application using your data, right? I totally agree with you but couple of points are worth considering here.
1. Generally privacy policies are written in a legal language that makes them difficult to understand. They’re usually rather long, most people skip to the end and just accept it.
2. Some brave people might dare to go through the privacy policy but often they are vague and do not give you the clear picture. For example, consider the following statement that I have picked up from the privacy policy of one of the online services.
‘We may share your personal information with other third parties.’
Now lets try to understand what it means to let application have access to your device’s data.
From end user’s point of view, whether accessing particular information is reasonable, in terms of privacy depends on the scenario in which the information is accessed.
Lets consider an example of application accessing device’s location. Application’s use of location information is reasonable or not, depends on the purpose. For a social media application, when user wants to share what place he visited, location information is likely to be needed but when user is just going through the news feed it is very unlikely to be needed. Therefore ’When’ the sensitive data is accessed, is important. But is there any way to know this ‘when’ part? Is there any way to know that our social media application is accessing location only when we are using respective functionality (e.g. to share what place we visited) and not other wise? Is there any way to distinguish between legitimate access and illegitimate access?
As people rely more and more on mobile devices, their usage footprint forms a unique trace which can be potentially misused for undesirable purposes that can compromise users’ privacy. Some variants of latest Android versions do notify users of resources being used by application. But the problem is still not fully addressed. Users discretion is still required. So next time any application asks you for sensitive permissions, do yourself a favor and ask yourself,
‘Does this application really need this permission? and if I do allow what are the repercussions of this?’
This article was written as part of the research which can be accessed here.
Image credits: Hugh Han and Maria Freyenbacher