I was in the process of installing an app that replaces my home screen on Android. Until the following (screenshot below) data access screen made me take a step back and think for a bit:
The app was requesting permission to have access to my SMS with the ability to receive, reply and delete without my permission. Out of curiosity, I tweeted them asking the reason for such access (no response yet), and then went about searching for the privacy and data policy for the app (which was kinda scary).
Think of the various data leaks there are online:
(1) All the apps on your smartphone devices with access to SMS, FB, LinkedIN, Email
(2) Any other web based 3rd party service that integrates with Facebook, LinkedIN, Gmail etc.
My thoughts in addressing the concerns raised by granting persistent personal data permissions:
(2) Apps need to make it easy for current and ex users to OPT OUT of data collection, use and storage.
The service should do the following (at the least):
(1) Track the WHO has access to WHAT data and HOW it will potentially be used by scanning apps on your phone + access given by your social networks
(2) Ability to send email to the app company requesting to delete data or OPT-OUT
(3) Keep users up to date via alerts and action items related to their data.
Similar to how ad-tech companies have opt-outs (think Evidon), there needs to be a delete-outs for apps companies and any company that integrates or pulls personal information. From a business perspective, this service is akin to a virus scanner for the consumer - while this "app scanning" service is the privacy scanner of the data sharing world. The personal data protection market is up for grabs -- I'd use, and likely pay for a service like this, would you?
To prove the point of this blog post, this just came in on TechCrunch a few hours after I published this post:
A Techcrunch users comment:
"I haven't updated Facebook app on my Android for a long time due to ridiculous permissions they ask for:
- Read SMS
- Add or modify Calendar events.
- Send emails to guests without my knowledge
- Connect/Disconnect WIFI
- Draw over other apps
- Retrieve running apps
- Direct call phone numbers, read phone status and identity
- Modify contacts
- Read call log
- read contacts
- write call logs
- Find accounts on the device
- Reorder running apps
- Read sync settings
- Change network connectivity.
- Download files without notification
- Set wallpaper
Yep, all this to connect with my friends on Facebook? No thanks.
Sadly, after Android removed AppOps, I can no longer control permissions, and hence I am not updating any apps that asks for ridiculous permissions till the guys at Google bring back AppOps, and if they don't I am switching to CyanogenMod or start using my iPhone only."