As part of the 2014 Global Privacy Enforcement Network Sweep, about 26 privacy enforcement authorities in 19 countries downloaded 1,211 popular mobile apps to evaluate privacy practice transparency, according to a post on the Office of the Privacy Commissioner (OPC) of Canada website.
Of the 1,211 downloaded global apps – which appear to be a mix of Android and iOS apps, according to a separate OPC release – that were assessed, 75 percent requested one or more permissions, with location, at 32 percent, being the number one most requested permission.
In a Friday email correspondence, Domingo Guerra, president and founder of Appthority, told SCMagazine.com that the number of apps requesting permissions is growing. He added that location is a very common request sometimes used for finding the nearest restaurant, bank or gas station, but most of the time is not needed for functionality.
“Increasingly, Ad Networks, which provide 3rd party SDKs or Libraries, include code that requests location tracking,” Guerra said. “When developers incorporate an Ad Network – or networks, we often find multiple ad networks per app – into their app, these often come with additional permissions like location tracking. Location information is valuable to advertisers, data brokers, and analytics frameworks to gain insight into where the app might be popular, as well as to serve targeted ads.”
Of other permissions, 16 percent of apps requested the Device ID, 15 percent requested access to other accounts, 10 percent requested camera, nine percent requested contacts, seven percent requested call log, five percent requested microphone, four percent requested SMS and two percent requested calendar.
“Most of permissions requested are not to unlock new or core functionality, but rather are aimed to collect user and device information,” Guerra said, going on to add, “As developers realized that they can't make a living off free or cheap downloads alone, they have turned to Analytics Frameworks (SDKs) to collect data, and Ad Networks and data brokers to monetize the data they collect.”
Of note, 30 percent of apps offered no privacy information other than permissions – on the opposite end, 15 percent of apps clearly explained how information was being collected, used and disclosed, according to the findings.
Additionally, 59 percent of apps raised concerns prior to downloading due to a lack of privacy information, the findings show, and 43 percent of apps had privacy communications that were not tailored to a smaller mobile screen.
“[App privacy communications] are often very complex, have lots of text, and have important information scattered in a sea of clutter,” Guerra said. “I believe there is a great opportunity for reform in this area, and it will need to be driven by either consumer demand, app store (iTunes, Google Play) rule changes, or by government regulation.”
According to Guerra, developers should clearly state what information is being accessed, why the information is being accessed, and to whom the data is being sent.