Invasion of Privacy by The Apps

–Kakali Das |

ARRCA, a cyber-security firm which studies on‘data privacy’ has examined about 330 Android and iOS apps, along with other websites and have essentially found that 71% of these applications can access exact locations and 62% have access to the camera. With respect to the children’s apps, they said that 87% of the apps accessed at least one dangerous permission. By ‘dangerous permission’ it means permission like access to the camera, audio, microphone, contact list, messages, exact location and so on and so forth.

“We started this study about 5 years ago where we tried to study Indian apps and websites, because we found that there are very few data points about India when it comes to privacy. We have always considered scrutinising the children’s apps since we’ve been witnessing people around us using apps or websites which are extremely concerning. So we started examining and diving deep into that. This year while we studied about 300 + apps in the general and business category, we studied 29 children apps. Incidentally, there are a lot more of them targeting Indian children this year compared to the last, so we could study a larger sample size and some of those findings have been of concern. Alongside, we found certain other concerning statistics, for example, 57% of them allowed in-app purchase options, which essentially means that if one is a parent and he/she has a credit number or wallet fed in, which a child can actually go on clicking and purchasing items without any supervision of the adults. There are 53% of them which actually have in-app ads with no ads pertaining to children. 80% of them allowed access to files on storage, 30% to phone details – meaning, they could check who was being called and what actions were happening on the phone. These are the points which rings bell of concern, but we don’t yet have laws in place to be able to curb this in India”,Shivangi Nadkarni, Author, ARRCA report said.

84% of the apps don’t have a notice addressing children under age 13. When these kinds of data aremade available, it gets accessed from the phones and goes to the central servers that belong not just to the entity whose app it is, but it can also be accessible to an entire host of third parties which are present in the app, or the entity can further share with other players as well. Firstly, it is about data which is going out of the phones without the owner realising it and secondly, one has no control over it once it goes out of one’s own sight.

On being asked about the list of dos and don’ts that people should or shouldn’t do and how cautious should the people be, “This is going to be a little contra to what the trends are, because there are more and more apps coming out with a lot of push towards people using it, and what’s called ‘the app economy’. But what I would suggest is the reduction of the number of apps one has access to. So, I always advice deleting of apps which aren’t used in a while, in order to minimise exposure. Secondly, look for all the sensitive permissions available and turn them off wherever one can, especially the location, camera etc.”, Shivangi Nadkarni further said.

“A lot of people who have seen our study have actually called us and said that after that they realised how much happens and they have gone on and actually turned off permissions. From all the apps that their children were using, deleted apps on their devices that kids use. I would say, go back and relook at all the permissions, for eg, an android or an IOS phones both tellsus what dangerous permissions are being taken by which apps and kindly manually turn them off”, she said.

Regarding the predatory loan apps which have caused many suicides, there is an update, an advisory that has come in from RBI and in a statement they said that there had been reports about individuals and small businesses falling prey to a growing number of unauthorised digital lending platforms and mobile applications on promises of getting loans. They, basically, said that these reports also referredto an excessive rates of interest in additional hidden charges and hence, RBI cautioned people to be careful.

The world is moving into an era where laws are coming up all over the world, which are mandating or putting curbs and controls over what can be done. So, when the Indian law is implemented, we are hoping to see a change, since we witnessed a benchmark against apps in Europe. For example, when the EU GDPR, a powerful privacy legislation has come in on all parameters, there are at least 50% fewer apps taking permissions as compared to India. So, that leaves one hope that interventions from a legal side will definitely help. Secondly, Google and Apple have come down vigorously on some permissions, such as, Google has made an intervention where it has put in very severe curbs on apps taking SMS and phone call access. So if compared with the previous years, we have seen a dramatic decline in apps taking access to SMS and phone call permissions. So, I think a combination of laws and interventions from ecosystem players, standard bodies will hopefully make a huge difference. The Personal Data Protection Bill 2019 is currently being examined by the Joint Parliamentary Committee and that is the single most important answer to all the concerns above. The bill very clearly articulates certain basic principles, that no collection of data will be permitted more than what’s required, or data won’t be used for purposes not meant to be used, including a bunch of penalties associated with it, to the extent of 2% to 4% of global turnover of the companies. Hopefully, with these kinds of curb in place, there will be some deterrence that will force people to take measures. Whatever laws there have been worldwide, things have taken a dramatic turn for the better.