Back in May, the Global Privacy Enforcement Network (GPEN) embarked upon its second annual Privacy Sweep, this time with a focus on mobile apps.
The Office of the Privacy Commissioner of Canada coordinated 25 other privacy enforcement authorities across the country and around the globe, in an assessment of the privacy communications of some 1,211 apps designed for both tablets and smartphones in a bid to find out which of them left our sweepers most at ease in terms of how their personal information was being collected and used.
By downloading and briefly interacting with the apps, this exercise was meant to recreate the consumer experience. Our sweepers ultimately sought to assess transparency based on five key indicators:
- Which permissions did the app request access to and did the app explain why? For example, did it seek permission to access your identity/accounts, (which may include email address, Twitter handle and Facebook username, but not the information stored in those accounts); location, (based on nearby cell towers, GPS or nearby WiFi networks); photos/media/files, (which can include music, movies and other files stored on your device); camera/microphone, (which could allow the app to turn on and capture data from the phone’s camera and/or microphone, hopefully with the user’s knowledge and consent); device ID/call information (including phone number and an indication of when the user is on the phone and with whom, a request often made by games that wish to pause when the phone is engaged); and device/app history, (often used to perform diagnostics after a crash but that can include sensitive information like log data, web bookmarks and history, which apps are running on the device and other system information.)
- Did the sweeper feel that the permissions being sought went beyond what they expected based on the app’s functionality?
- Were the app’s privacy communications tailored to be read on a small screen?
- Overall, how satisfied was the sweeper with the privacy communications? How well did the app explain the permissions and how it collects, uses and discloses the associated personal information?
At the end of the day, users can only provide meaningful consent to the collection of their personal information if they are well informed as to how that information will be used.
In total, our Office examined 151 apps, for both Android and iOS platforms, that are popular among Canadians. About three-quarters of them were free, while the remaining ones were paid apps. Our assessment included a significant number of games, as well as health and fitness apps, news and magazine apps, and social networking apps.
We believe it’s important to share specific results from our Sweep, as we did last year, so Canadians can better understand our conclusions.
But before we start, let’s be clear: The Sweep was not intended to conclusively identify compliance issues or possible violations of privacy legislation. It was also not meant to be an assessment of the apps’ privacy practices in general, nor was it meant to provide an in-depth analysis of the design and development of the apps examined.
We haven’t conducted a formal investigation and we’ve chosen the following play on words to give you a general sense of how our sweepers felt about the apps during the experience.
With that, here are some examples of apps with the most APP-laudable, L-APP-luster and Dis-APP-ointing privacy features.
On a scale of 0 to 3, our sweepers gave 28 per cent of apps top marks for providing timely, clear, concise explanations of their privacy practices.
In general, these apps made their privacy policies available on their website, their marketplace listing and within the apps themselves. The policies were, for the most part, consistent throughout and clearly explained how the apps would collect, use and disclose personal information.
Among the positive examples identified:
This free app ranked 5th among music app downloads in Canada according to the popular Distimo Apple Store app chart the month of our sweep. Shazam will listen to a song or television show playing in the background and identify what it is you’re listening to or watching.
The app requests a number of permissions, including access to identity (accounts), location, photos/media/files, camera/microphone and device ID/call information.
Our sweepers were singing the praises of this app because its privacy communications provided clear explanations of individual permissions that left them with a generally positive feeling about how their personal information would be used.
For iOS, the app uses just-in-time notifications prior to accessing information, like in the example below which outlines why the app needs access to the microphone. On the Android marketplace listing, sweepers noted there’s a handy link that explains why the app needs to collect certain information. It’s appropriately dubbed: “Why does Shazam need these app permissions?”
Fertility Friend: Ovulation Calendar
This free, made-in-Canada app was downloaded as many as 1 million times by Android users alone. It allows users to input cycle-related information to help track their fertility.
Sweepers were particularly pleased that this app explained not only what it would do with the information it collected, but also what it would NOT do.
For example, the app acknowledges that the type of information it collects is “extremely sensitive,” and promises not to “sell or transmit to others any personally identifiable data” entered on the site. A separate link explains that the site charges for premium services to avoid having to rely on advertisers for revenue.
Trip Advisor: City Guides
This popular free travel app has been downloaded more than 1 million times by Android users alone. It creates travel itineraries and offers reviews of restaurants, attractions and hotels in various cities.
A significant number of apps earned praise from our sweepers for some of their privacy communications, but missed the mark in other areas.
This free app ranked 14th overall in Canada the month before our sweep, according to Distimo’s Apple Store app chart. It’s a motorcycle racing game that allows users to compete against friends and strangers around the world.
For the most part, sweepers felt the app did explain how it would collect, use and disclose personal information. The policy is fairly detailed and organized under useful headings like “what personal information does (the company) collect,” “how will my personal information be used and by whom,” and “what safeguards does (the company) use to protect my personal information.”
Guess the Emoji
This free app reached No. 48 overall in Canada the month before our sweep, according to Distimo’s Apple Store app chart. It’s a fill-in-the-blank word game.
The policy also provided a laundry list of potential uses of personal information, but sweepers were still perplexed as to why the app needed all those details for such purposes.
Their discomfort was only exacerbated by the policy’s explanation of the wide-ranging circumstances pursuant to which such information might be disclosed. It said, for example, that the company “may sell or rent your personal information to third parties for marketing purposes without your explicit consent.”
While it is good that the company provided a detailed explanation of the information it may collect and how it may be disclosed, privacy practices need to be justified, not just stated.
Approximately 26 per cent of apps left our sweepers with a real sense of discomfort in terms of how they conveyed their privacy practices and, in some cases, with respect to what they said they might do with the personal information collected.
Super-Bright LED Flashlight
This free app made it to No. 17 overall in Canada on Distimo’s top Google Play Store app chart the very week of our sweep. It allows users to turn their mobile phone into a flashlight.
The app sought permission to access the user’s camera/microphone, device ID/ call information and even photos/media/files. Besides the camera flash function, it was not made clear to sweepers why the app would need all that information to operate a flashlight.
Without a clear and accessible policy outlining how their personal information would be used, this flashlight app left our sweepers in the dark!
This image taken from an Android device shows the large number of permissions sought by this flashlight app.
Pixel Gun 3D
This free app reached No. 18 among game downloads in Canada on Distimo’s top Apple Store chart the month before our sweep. It is a multiplayer, pixel cartoon shooting game that allows users to create and customize their own characters.
Sweepers ultimately felt the app’s privacy communications left much to be desired and, given the potentially personal nature of the permissions, they were uncomfortable using the app.
It’s best to think of our sweep as a snapshot in time. Apps are constantly evolving. While our sweepers assessed and reassessed each app over these last few months in the interest of quality control, each examination either raised new questions or answered old ones.
At the end of this experiment, one thing is clear to our sweepers: privacy communications are fluid and the level of accessibility will depend on user know-how, the platform being used (e.g. Android, iOS or BlackBerry) and the type of device, whether it’s a Lenovo tablet, an iPad or a Samsung Galaxy smartphone.
Nevertheless, we wanted to provide you with some concrete examples of what we found during our sweep.
Once we’ve finished sorting through our results, in conjunction with our provincial and international partners who are doing the same, we will determine any appropriate follow-up action.
As with last year’s sweep, our follow-up activities will include reaching out to organizations to inform them of our findings and making suggestions for improvements. We also have the option to pursue enforcement action.
Full disclosure: we wrote to the companies mentioned in the blog a week before posting to share our concerns. So far Random Logic Games/Conversion LLC, the maker of Guess the Emoji, has committed to making positive changes.