#5Questions to ask before installing an app

tl;dr

Ever worried about your data and its privacy while installing a new application (app) on your phone? As part of our new series #5Questions, here are 5 questions that will help you make an informed decision.

#5Questions

We recently came across a post by the American Civil Liberties Union (ACLU), in which they list 6 questions a person should ask before accepting any new surveillance technology. We found this format of understanding an issue extremely helpful as it allows us to break down the issue succinctly for our community. Thus, in our new series #5Questions, we will be examining various issues through this format to identify and address the most pertinent aspects of an issue through a digital rights lens .

5 questions to ask before installing an app on your phone

Q1. Where did you download the app from?

A1. Depending on whether you use a mobile phone with an Android or iOS operating system, you may download the majority of the apps on your phone through the Google Play Store or the App Store respectively. Both these stores contain certain native apps which have been developed by them for their users. However, they also host certain third-party apps developed by someone other than the manufacturer of a mobile device or its operating system. For these, they have guidelines (Google and Apple) to ensure that the apps submitted by third party developers are safe for their users. Apps which violate these guidelines may be removed from the stores however some apps may still default on these guidelines. There are also third party app stores from where users can download apps which aren’t available on the Google Play Store or the App Store. These app stores may not follow the same guidelines and overview process as followed by these official stores and some apps downloaded from these third party stores may contain malware. Hence, it may present a risk and should be put to higher scrutiny by users.


Q2. What are the permissions/categories of data it is seeking/collecting?

A2. Permissions are essentially the privileges an app has to access the necessary data it needs to function properly. For example, a camera/editing app will need access to your camera and your gallery to function properly, on the other hand a messaging app will need access to your contacts. Permissions can be of multiple types such as install-time permissions, runtime permissions, and special permissions (Read more here). While installing an app it is essential to check which permissions an app is seeking to ensure that overbroad collection of data does not occur. According to a study by the Pew Research Centre, “Apps Permissions in the Google Play Store”:

  1. 90% of app users indicate that having clear information about how apps will access or use their personal data is “very” or “somewhat” important to them when deciding to download an app;
  2. Fully 60% of apps users have chosen to not download an app after discovering how much personal information the app required, while 43% have uninstalled an app after installing it for the same reason.

Q3. Where is the app storing your data?

A3. Depending on the type of app you are downloading, apps may store your data in the following formats:

  1. Offline apps: They store all their data on your device and do not need to be connected to the internet to function. Example: Notes app.
  2. Online apps: They store all their data in their company’s  server and need to be online to function. Example: Amazon app.
  3. Synchronised apps: They store all their data on your device and can thus function offline. However, they have to periodically update their data from a server for which the device needs to be online. Example: Google Play Books

Here, it would be incorrect to assume that either offline or online apps are better than the other since both, your device and the server on which the app is storing data, can be breached. However, it is essential to be aware of where your data will be stored in order to take an informed decision.


Q4. With whom is the data shared?

A4. Apps that collect your data may share it with third parties without your consent or knowledge. Data may be shared with advertisers who may target you with unwanted advertisements or with data brokers that track all of your online activity to create a complete profile of you which they then sell. Further, data may also be shared with law enforcement agencies for investigative purposes upon request which could then be used for prosecution. Thus, it is important to check with whom an app is sharing your data to make an informed decision about how much of your data you want to share with these apps.  


Q5. Is the app’s privacy policy easy to understand?

A5. Let’s BeReal (😉), nobody reads privacy policies. Almost all of us click on “accept”, “agree” or “I understand” without actually understanding what we are agreeing to. According to a study by the Pew Research Centre, “Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information”, only 9% of the adults surveyed said that they always read a company’s privacy policy before agreeing to the terms and conditions, while an additional 13% said they do this often. However, does this mean companies and app developers get a free pass? No! Because this would only encourage them to make more convoluted privacy policies which would be much more difficult to understand. In fact, efforts to make privacy policies simpler has been an ongoing struggle since the past decade, which prompted Twitter to turn parts of its privacy policy into a video game.

Here is a handy guide on how to read privacy policies and what to look for. The first step is to locate the privacy policy. Secondly, see what data the app is going to collect. Third, search for key terms such as “sell”, “affiliates” and “partners” to see how your data may be sold or shared. Lastly, search for “advertising” to check if the app will display targeted ads on the basis of the information you share with them. Another guide that will help you understand what to look for is ‘Privacy Not Included’, a scoring system for apps and gadgets from the nonprofit Mozilla Foundation.  

Need for data protection law

While maintaining digital hygiene is essential for all individuals, responsibility to protect the personal data of citizens lies with the government. The withdrawal of the draft Data Protection Bill, 2021 marked the unsatisfactory end of a long and arduous consultation and review process for the legislation. While the 2021 version was certainly not perfect, we are concerned that this withdrawal has now brought us closer to where we started in 2018 instead of where we should be in 2022 (Read our brief of the issues with the DPB, 2021 here). Today there exists no remedy for the violation of many digital rights that emerge from the expansive collection and procession of personal data for Indians. The existing legal vacuum on data protection portends an Orwellian state and is clearly an infringement of the fundamental right to privacy.

Important documents

  1. Here lies the Data Protection Bill, 2021 dated August 4, 2022 (link)
  2. A Public Brief on the Data Protection Bill, 2021 dated July 11, 2022 (link)