Consumer rights group Which? has accused app developers of sneaky tactics that, while lawful, hoover up more data from us than they need. Furthermore, they highlight that most app privacy policies are too long and deliberately confusing.
In their report, Which? looked into the data privacy of 29 apps commonly used on Android and iPhone. They concluded that despite the enforcement of the General Data protection Regulations (GDPR) companies are still devising ways and means to harvest ever more consumer data.
In some cases, we feared that apps were in breach of GDPR. In others, their practices were probably lawful, but had disturbing implications for the future of privacy.- Press statement: Which?
While all the apps involved some form of encryption, this does mean that it has become much harder to know exactly what they are doing with the data.
Some apps lack security for the user. In particular, Which? highlighted the popular app Flo Period and Ovulation Tracker app, which will contain sensitive information on a woman’s periods and sexual activity but did not have any password-protection as the default. The app’s developer responded by saying they will add a password-setting feature at the registration screen in all future apps.
Which? criticized the developers for their strategies that undermine user privacy, such as hiding the most privacy-friendly settings by default or using questionable advertising permissions.
Another example, Which? looked at was the AccuWeather app, which shared data with 199 of the developer’s partners. Cheekily, the company suggested the user paid to avoid targeted advertisers.
However, it was in the area of the wording of their terms and conditions and privacy policies that app developers have made obfuscation into an art form.
Which? looked at the T&Cs of all 29 apps and it came to a staggering 333,336 words.
That’s longer than Crime and Punishment by Fyodor Dostoyevsky, nearly twice the length of Catch 22 by Joseph Heller and almost four times as long as 1984 by George Orwell.
Based on average reading it would take 22 hours, 21 minutes to read all the policies in one go.- Press release: Which?
Which? has called for a full investigation into the digital ads market, which is driven by the proliferation of smartphones and is worth more than £10 billion in the UK alone. In particular, Which? has demanded the Competition and Markets authority conduct a study into the how the digital advertising market operates.