If you use electronics, you have applications, or apps, on your system. From devices to desktops, apps are convenient for accessing services, games or work. Some apps are trendy, like games, while others are staples, like financial services.
When you install an app on your device, you give it the right to share certain information so it can work properly. For example, your banking app might need access to your phone’s camera to scan your face for biometric verification. But if your banking app also wanted access to every contact on your phone, you might wonder why.
Learn about what apps collect and ways to safeguard your data.
What apps collect
Apps collect a range of information, such as:
Scroll the app’s installation page before downloading
Before you tap “Install,” scroll through the installation page. Most apps show an overview of their data collection practices in the “see details” section, including:
-
Whether they share data with other companies or organizations
-
If they use data for crash logs, analytics or diagnostics
-
If and how they track your interactions with the app
-
The type of personal information they collect, like your photos, videos, documents and payment information
-
Their cybersecurity and data encryption methods
-
If and how you can request that they delete the data they collect on you
-
Opt-out options
-
A link to their privacy policy and data safety statement
Sharing with others
Apps sometimes share the information they collect about you with other parties, or “third parties,” including:
Data breaches and cyberattacks
There’s always a risk of data theft with apps. Unsecured networks or apps with weak security protocols make easy targets for cybercriminals. By exploiting these weaknesses, cybercriminals can steal PII and financial information. They can even trace your whereabouts via the app if you’ve enabled access to your location tracker. In the wrong hands, these data exposures can lead to identity theft, unauthorized transactions, ransom and blackmail, social engineering scams, and phishing attacks.
Always download apps from trusted sources and read the terms and conditions.
Know what you consent to
Apps may also share the information they collect with government agencies and law enforcement. Typically, this type of sharing only happens under exceptional circumstances and is subject to local laws and regulations. Some apps require legal action to divulge this information; others might not. Legal actions can include:
-
Court orders or subpoenas relating to criminal cases
-
National security requests for data under laws like the USA Patriot Act
-
Legal compliance, such as public health data-sharing during a pandemic or financial data-sharing relating to taxation
Most companies outline their data-sharing practices in their privacy policies, which you can find under their terms and conditions.
Read the app’s terms and conditions for information on how they can legally use and share your data. They’re long and cumbersome, but you should read them to be fully informed about how they can legally use and share your data.
Reading a terms and conditions agreement
When you install an app, you automatically agree to its terms and conditions. These terms are available to read and linked in the app store. Many of these terms read like a contract, which they are. In most apps terms, you can find details about how they collect, use, and share your data in one or all of the following sections:
Privacy policy
This part of the agreement provides information on how the app collects, stores, uses and protects your data. This is where you’ll find when and why they would share your data with third parties, including law enforcement or government agencies.
Data usage
This section offers more details on the data they collect and how they use it, including device information, PII, location information and other data.
Information collection and use
This section should clearly outline the following:
-
What data they collect
-
Why they collect it
-
How they’ll use it
-
If and how they share it
Third-party sharing or disclosure
Not all apps provide this information. If they do, this section describes which entities the app might share your data with and why. Legitimate apps should not sell or share your data without your consent. Data-sharing should be justified and transparent.
In many regions, companies are required to be transparent about how they use and collect data. For example, the European Union’s General Data Protection Regulation requires companies to disclose the types of data they collect, for what purposes and how long they retain that data. Noncompliance can result in hefty fines and legal action.
Ways to limit your data exposure
You can curb app data collection practices by knowing what to look for:
Restrict data collection after downloading
You can also look for settings with the app that restrict data access and sharing after you’ve installed it. Still, this won’t prevent the app from sharing what it has if you’ve agreed to data sharing in the terms and conditions of use.
Device security
Even if the app isn’t a problem, app security might be. Cybercriminals know which apps they can easily exploit. From there, they can steal your data or weaponize your device by hacking the camera, microphone and GPS to track and listen in. Protect your devices:
-
Use antimalware software
-
Encrypt your device
-
Use a secure cloud backup
-
Install security patches
-
Use a password or biometrics to unlock your device
Visit the Cybersecurity & Infrastructure Security Administration’s “How to Protect the Data that is Stored on Your Devices” for more details.
Think before you app
Data privacy is a serious concern; apps should respect your privacy rights. The terms and conditions will tell you all you need to know. At the very least, read the app’s installation page. If an app shows a lengthy list of data collection practices, rethink whether you need it.
Some fun and free apps are nothing more than a security risk to you. Read before you install, and stay cybersafe out there!
