If you have never read the privacy policies of the applications you use, you probably do not know how your data is collected and shared. But even reading them, you may not know everything, researchers at the University of Toronto have found.
Scientists analyzed the policies of 757 apps for Android and compared them to the data they collect. They found that nearly 60% of apps collected more data than they advertised.
This discrepancy comes in many cases from third-party advertising or analysis platforms, which deal with the developers of the applications. Advertising services are well known for seeking out more about app users, in order to offer them targeted ads that match their interests. The analysis systems are used to document the use of the application.
“Risks related to privacy (and security) arise with the use of third-party software when they send information out of the device to a third-party company and that company stores and uses that information,” write the researchers .
Hard to control
On the Android platform, which is the focus of the study, third-party software vendors gain access to data through permission requests sent to the user. However, the University of Toronto team notes that Android does not offer any way to separately approve third-party applications and software.
“If an application has an authorization, the third-party software also has it,” say the scientists. If the user wishes to withdraw a permission to a third-party software, it must do so for the entire application and therefore loses access to any functionality associated with it. ”
The police station arrested
The Office of the Privacy Commissioner of Canada would be interested in addressing the issues raised in the report, says the team led by Lisa M. Austin. In particular, the researchers suggest that he examine the use of third-party software by application developers and make recommendations for tagging it.
In addition, they note that most privacy policies use an incomprehensible level of language for many smartphone users. “This leads us to wonder whether these applications comply with section 6.1 of the Personal Information Protection and Electronic Documents Act. ”
This article states that “the consent of the person concerned is only valid if it is reasonable to expect that an individual targeted by the activities of the organization will understand the nature, purposes and consequences of the collection, use or disclosure of the personal information to which it has consented.”
Ms. Austin’s team is inviting my office to review the language level of privacy policies and issue guidelines to follow when drafting them to make them clearer.
Adam Thrones is still early into his career as tech and digital marketing reporter but has already had his work published in many major publications including JoyStiq and Android Authority. In regards to academics, Adam earned a degree in business from Fordham University. Adam has a passion for emerging technology and writing on his blog. He is always eager about the new gadgets on the market and likes to cover updates on software.