Most apps are 'failing on privacy', claims report

  • Published
Woman with smartphoneImage source, Getty Images
Image caption,
App makers were not doing enough to explain data implications, the report said

The vast majority of popular apps are guilty of basic failings over user privacy, a report has warned.

The Global Privacy Enforcement Network (Gpen) looked at 1,211 apps and found 85% were not clearly explaining what data was being collected, and for what reason.

Almost one in three apps were requesting an excessive amount of personal information, the report said.

The UK's Information Commissioner's Office (ICO) has backed the findings.

"Today's results show that many app developers are still failing to provide this information in a way that is clear and understandable to the average consumer," said the ICO's group manager for technology, Simon Rice.

"The ICO and the other Gpen members will be writing to those developers where there is clear room for improvement.

"We will also be publishing guidance to explain the steps people can take to help protect their information when using mobile apps."

Privacy International told the BBC that users being left in the dark on data collection was "completely unacceptable".

"Sadly this type of smash and grab is now becoming an industry standard, where apps are taking as much information as possible and hoping users don't notice.

"We deserve to be in control over what information is shared and under what circumstances, no matter the applications we use or size of the screen."

'Not surprising'

The ICO examined 50 of the most popular apps released by UK developers - on the Android and iOS mobile platforms.

Other data watchdogs carried out research in 39 countries, with Gpan collecting the results.

The resulting report suggested:

  • 85% of the apps surveyed failed to clearly explain how they were collecting, using and disclosing personal information.
  • More than half (59%) of the apps left users struggling to find basic privacy information.
  • Almost 1 in 3 apps appeared to request an excessive number of permissions to access additional personal information.
  • 43% of the apps failed to tailor privacy communications to the small screen, either by providing information in too small a print, or by hiding the information in lengthy privacy policies that required scrolling or clicking through multiple pages
Image source, Getty Images
Image caption,
Many users install a multitude of apps onto their device

Dr Steven Murdoch, a researcher at University College London, said the findings on data privacy were "sadly not surprising". He argued that often the use of third-party advertising platforms within apps is particularly troubling.

"Often privacy leaks from mobile apps don't come from the app itself, but from the advertisements which are added," he told the BBC.

"Quite frequently the people who are writing the application don't understand themselves what they advertisement code is doing.

"If you couple it with the fact that the money for these apps are made almost purely through ads - developers don't want to ask too many questions."

Gpan researchers did note some instances of good practice.

Regulators were said to be "impressed" by the use of notifications to warn users when certain instances of data collection - such as location information - were about to take place.