Years ago, Tim Cook, Apple’s CEO, wrote a letter on the company’s privacy website, where he argued that “users of Internet services began to realize that when an online service is free, you you are not the client. You are the product.”
Although data protection regulations require companies to indicate what information they collect and what mobile tools they will access -such as contacts, location or the camera- many times this is not so clear due to the length and complexity of the texts of Terms of Service.
A study by Visual Capitalist revealed how long it can take to catch up with the privacy policies of popular apps and found that they range from 10 minutes, in the case of Instagram, to more than an hour if we stop at Microsoft’s, without considering the technical language and the comprehension difficulties that may be involved.
This results in most users accepting without reading, but is it feasible to hold them accountable? Who hasn’t felt like they were wasting time reviewing a contract that they can’t change or reject, or even understand?
The truth is that although many of the requested accesses and the information that is collected have the objective of “providing a better service” or simply working correctly, others are data that are sold and feed a multi-million dollar industry.
The personal information that most apps collect and store is email address, name, age, sex, sexual orientation, race, location, home address, mobile phone number, landline phone, type of device, bank details, language, contacts, employment status (employed or unemployed), height and weight.
With all this, databases of user patterns are created, which gather information from thousands or hundreds of thousands of people, which marketing companies use to direct their products to their ideal audience at lower costs than traditional advertising in space. programmatic or personalized promotion, in addition to carrying its own analytics.
The US Federal Trade Commission suggests paying special attention to apps that request access to your contact list, camera, location, and microphone.
If you discover an app that requests access to your phone’s camera, even though it shouldn’t need it, your options are to remove permission for that app to use this feature from your device, or to delete the app outright.
Another possibility is to limit the access of these applications so that they can only use this information when the app is in use, as is the case, for example, with the location.
The Commission, in turn, recommends not automatically logging into applications through a social network account such as Facebook, Twitter or Instagram. This could enable the collection of personal information from that account or from the application. It is always preferable to sign in to applications with your email address and a unique password.
Lastly, a key tip is to delete apps that are no longer used. Also be selective with downloads, make them from trusted sites such as the official Apple or Google stores, and also track the opinions of other online users in relation to the privacy of each company or service.
According to a study by Clario Tech, a security software company, Facebook knows the most about its users, collecting 79.49% of the data it can legally obtain. It is followed by Instagram, with 69.23%, and then Tinder and Grindr, with around 60%.
The fifth place is for Uber, which collects 56.41% of the data, then comes TikTok, with 46.15%, and below are Twitter (33.33%), Netflix (25.64%), PayPal (25.64%), YouTube (23.08%), Slack (23.08%) or WhatsApp (20.51%).
Of the total number of applications analyzed by Clario Tech, 6.25% of them had the option of storing face photos. By using filters from TikTok or Instagram, these companies track facial movements to build an image of the user. Other apps can go further by requesting access to the entire library of images.
This information can be used to tailor ads specifically to the interests of each profile, tracking images of sports, music, nights out, and events you attend to deliver personalized experiences.
Another study, conducted by cloud storage provider pCloud, found that 52% of the apps it studied shared user data with third parties. The most invasive? Meta platforms: Instagram and Facebook, which transfer information such as purchases made, location, contact information, contact list, search history, financial data and diagnostic information of its users with third parties.
LinkedIn appears in third place in this report, sharing similar data to Meta’s social networks. Fourth place goes to Uber Eats and fifth to Trainline, a service that allows users to search for train tickets.
Although we cannot protect 100% of the information we leave when we browse or the data necessary for the operation of some applications, there are measures that we can take.
From the Avast company blog, they recommend reviewing the permissions that we grant to each app by entering the ‘Settings’ of the mobile and then ‘Applications’. There, read the permissions and disable the ones that the app in question shouldn’t need to work.
CyberSec84 | Cybersecurity news. 
Leave a comment