February 14, 2020 | 6:01 PM GMT+0800 Last Edit: May 12, 2020
This refers to a software application running on the Android platform. It is designed for a smartphone or a tablet PC running on an Android OS.
Govern what the application can do and access, ranging from access to data stored in a mobile phone (e.g. contacts, media files, camera, microphone, etc.,) to access to a phone’s hardware.
Whenever Valentine’s Day comes around, there is a surge in usage of dating apps1. In 2017, a dating app recorded a 20%2 usage increase at this time of year and it is expectd to rise again in 20203.
To create an account, most apps require a user to fill out an online form or to connect through an existing social media account (e.g. Facebook or Twitter) to verify one’s identity. This way, dating apps gain access to and control of the user’s personal data.
In recent years, vulnerabilities that would put users’ personal data at risk have been uncovered. Though subscribing to a dating app may seem harmless, it is important to remember that it may adversely affect the users’ reputation and privacy.
According to the Open Web Application Security Project (OWASP)4, mobile applications are more susceptible to attacks than regular web applications. By downloading these applications, users unknowingly expose themselves to privacy risks.
In most cases, users are forced to accept permissions through an all-or-nothing approach (i.e. they cannot authorize just a subset of the requested permissions or cancel the installation of the selected application). Likewise, mobile app permissions are not well-defined to users (e.g. the permission SEND SMS allows an app to send SMS messages both to normal and premium numbers – not giving any options to users), making authorization decisions more difficult.
It should be noted that the inclusion of application permissions in privacy notices does not equate to transparency. In some cases, an application’s declared permissions are not consistent with those required.
Mobile applications bring convenience to users, improve how organizations provide services to customers and maximize smartphone technology. But these benefits must not come at the expense of users’ data privacy rights.
The following are things to consider when using apps:
There is a lack of transparency when explaining purpose of processing and final disposal of personal data collected by mobile apps. Privacy notices are not easy to read. Some are legal in nature and too long. Others refer to the blanket privacy notice of the entire organization, making it difficult for data subjects to read through it. In addition, certain mobile applications seek permissions that are not relevant to their functions.
Moreover, a majority of the applications do not provide a privacy notice before users sign up or create an account. Also, there are no standards for mobile application development which result in a developer’s tendency to seek excessive permissions.
In summary, the convenience that comes with using a mobile application may be the most unrecognized threat to privacy. Users often enjoy the convenience at the expense of their data privacy. People easily grant permissions to an Android app without carefully reading the terms and conditions.