A new study by the pan-governmental Global Privacy Enforcement Network (GPEN) has found that most mobile app developers are collecting, using and disclosing information obtained by their apps without adequately informing users, or seeking their consent.
The group studied 12,00 apps, and found that:
- 85 percent did not disclose how the information they collected was used
- 59 percent ‘left users struggling to find basic privacy information.’
- 30 percent provided no privacy information whatever
- 75 percent requested permission for more than one category (e.g. access to camera, access to other accounts, access to users address book, etc.)
- 31 percent requested more permissions than the app needed to function.
Of the apps that did provide some information on privacy issues, many linked to an external website that used text too small for be read on a mobile screen, while others linked to a social media webpage that required registration and login before it could be read. In many cases the links were simply dead.
One member of GPEN is the UK’s Information Commissioner’s Office (ICO), whose group manager for technology, Simon Rice, said,
‘Today’s results show that many app developers are still failing to provide this information in a way that is clear and understandable to the average consumer. The ICO and the other GPEN members will be writing to those developers where there is clear room for improvement. We will also be publishing guidance to explain the steps people can take to help protect their information when using mobile apps.’
The ICO does in fact already issue guidance for mobile app designers, which stipulates that,
‘For processing to be fair, the user must have suitable information about the processing and they must to be told about the purposes. Fairness is also about using information in ways that people would reasonably expect.’
For the time being, the ICO has said that it will not name and shame the apps which failed its test.