Ever worried about your data and its privacy while installing a new application (app) on your phone? As part of our new series #5Questions, here are 5 questions that will help you make an informed decision.
We recently came across a post by the American Civil Liberties Union (ACLU), in which they list 6 questions a person should ask before accepting any new surveillance technology. We found this format of understanding an issue extremely helpful as it allows us to break down the issue succinctly for our community. Thus, in our new series #5Questions, we will be examining various issues through this format to identify and address the most pertinent aspects of an issue through a digital rights lens .
5 questions to ask before installing an app on your phone
Q1. Where did you download the app from?
A1. Depending on whether you use a mobile phone with an Android or iOS operating system, you may download the majority of the apps on your phone through the Google Play Store or the App Store respectively. Both these stores contain certain native apps which have been developed by them for their users. However, they also host certain third-party apps developed by someone other than the manufacturer of a mobile device or its operating system. For these, they have guidelines (Google and Apple) to ensure that the apps submitted by third party developers are safe for their users. Apps which violate these guidelines may be removed from the stores however some apps may still default on these guidelines. There are also third party app stores from where users can download apps which aren’t available on the Google Play Store or the App Store. These app stores may not follow the same guidelines and overview process as followed by these official stores and some apps downloaded from these third party stores may contain malware. Hence, it may present a risk and should be put to higher scrutiny by users.
Q2. What are the permissions/categories of data it is seeking/collecting?
A2. Permissions are essentially the privileges an app has to access the necessary data it needs to function properly. For example, a camera/editing app will need access to your camera and your gallery to function properly, on the other hand a messaging app will need access to your contacts. Permissions can be of multiple types such as install-time permissions, runtime permissions, and special permissions (Read more here). While installing an app it is essential to check which permissions an app is seeking to ensure that overbroad collection of data does not occur. According to a study by the Pew Research Centre, “Apps Permissions in the Google Play Store”:
- 90% of app users indicate that having clear information about how apps will access or use their personal data is “very” or “somewhat” important to them when deciding to download an app;
- Fully 60% of apps users have chosen to not download an app after discovering how much personal information the app required, while 43% have uninstalled an app after installing it for the same reason.
Q3. Where is the app storing your data?
A3. Depending on the type of app you are downloading, apps may store your data in the following formats:
- Offline apps: They store all their data on your device and do not need to be connected to the internet to function. Example: Notes app.
- Online apps: They store all their data in their company’s server and need to be online to function. Example: Amazon app.
- Synchronised apps: They store all their data on your device and can thus function offline. However, they have to periodically update their data from a server for which the device needs to be online. Example: Google Play Books
Here, it would be incorrect to assume that either offline or online apps are better than the other since both, your device and the server on which the app is storing data, can be breached. However, it is essential to be aware of where your data will be stored in order to take an informed decision.
Q4. With whom is the data shared?
A4. Apps that collect your data may share it with third parties without your consent or knowledge. Data may be shared with advertisers who may target you with unwanted advertisements or with data brokers that track all of your online activity to create a complete profile of you which they then sell. Further, data may also be shared with law enforcement agencies for investigative purposes upon request which could then be used for prosecution. Thus, it is important to check with whom an app is sharing your data to make an informed decision about how much of your data you want to share with these apps.
Need for data protection law
While maintaining digital hygiene is essential for all individuals, responsibility to protect the personal data of citizens lies with the government. The withdrawal of the draft Data Protection Bill, 2021 marked the unsatisfactory end of a long and arduous consultation and review process for the legislation. While the 2021 version was certainly not perfect, we are concerned that this withdrawal has now brought us closer to where we started in 2018 instead of where we should be in 2022 (Read our brief of the issues with the DPB, 2021 here). Today there exists no remedy for the violation of many digital rights that emerge from the expansive collection and procession of personal data for Indians. The existing legal vacuum on data protection portends an Orwellian state and is clearly an infringement of the fundamental right to privacy.