Shining A Light On Flashlights

You probably have a flashlight app on your phone.  I know I do.  It comes in quite handy as you’re fumbling around when you get home later than expected and haven’t turned on any lights to help you find the door lock.  Prevents one from tripping over any stray cats in the driveway too.

Here is something you might not know about your flashlight app or about any other app for that matter.  It may be doing way more than just lighting up your way.  It may be spying on you and leaking data about you all over the place.  According to a piece on Wired this morning:

The FTC has clamped down on another flashlight apps for doing downloading data for advertisers without informing consumers, and these seemingly innocuous apps are only a small part of the problem. On my phone, several apps want access to information they probably shouldn’t, and odds are, that’s the case with your phone too. The lesson here is that when it comes to mobile software, there’s really no such thing as a free app. But there’s a corollary, and it’s that this whole world of mobile app privacy is both murkier and more troubling than things are on your computer desktop.

Scary.  I did a quick audit of the dozens of apps I have installed on my phone and while most don’t seem to ask for more permissions than might seem logical, a few do.  One app – which ostensibly is there to help me find recipes – asks for permission to :

  • find accounts on the device
  • add or remove accounts
  • read sync statistics
  • create accounts and set passwords
  • use accounts on the device
  • read sync settings
  • toggle sync on and off

Of course I went to read the FAQ section of the app and while it was easy to read it mentioned nothing about what and why it was collecting the data.  So I checked the Privacy Policy which did explain it in legal terms. For most people, that is far less friendly than plain English.  The format of the policy made it almost impossible to read on the device.  It was presented unlike any other piece of information about or in the app.  This tells me one thing: they’re hiding something.  The app is now gone even though I think I know why they want those permissions (the app has its own account system to let you save recipes, shopping lists, etc) because I don’t trust it.

We build trust via transparency and good behavior.  Stealing user data to sell to advertisers without an explicit permission from the data’s owner is neither.  Some smart mobile company is going to position itself as being the “completely safe” one, an environment with apps that don’t leak data and where encryption is the norm.  Until then, check your app permissions.  You might find it illuminating.

Leave a comment

Filed under Huh?, Thinking Aloud

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.