Do you care about the level of permissions an app asks for when you download it?

[Mainly Mattias]

Data mining is where it's at. 

I was reading an article on FB Messenger adding an ability to look through your phone's photos for friends and then prompt you to share them and wondered if people cared about permissions when they downloaded new apps.  Apparently FB Messenger has a ton of permissions (46).  I know I don't bother with apps past the essentials now.  Unfortunately, my essential apps include everything google.  Google pretty much knows my entire life.

Here are a couple of articles for those interested in app permissions:

What do your apps know about you? (article in spoiler)

 

http://www.ktvq.com/story/30485106/what-do-your-apps-know-about-you

Two new research reports shed light on what your apps are finding out about you -- and what information they're sharing with other people.

According to survey results out Tuesday from the Pew Research Center, apps in the Google Play Store ask for a total of 235 different types of permissions before they can be installed on your device. While most (165) allowed the app access to your device's hardware -- for instance, the camera or vibrate function -- 70 of these permissions granted access to personal information such as your GPS location and contacts list.

"Once that permission is granted, the apps can amass insights from the data collected by the apps on things such as the physical activities and movements of users, their browsing and media-use habits, their social media use and their personal networks, the photos and videos they shoot and share, and their core communications," the report said.

On average, apps required that users grant five permissions. The most common ones give access to your smartphone's Internet connection.

Communications and business apps, including Skype, Snapchat, Adobe Reader and Google Docs, required the largest number of permissions.

Pew looked at apps in Google's app store (between June and Sept. 2014) because they are fairly representative of the app universe, being available for 45 percent of all smartphones owned by Americans, and because Google shares more information about app data -- more than, say, Apple, which tends to play everything very close to the vest.

The latest version of Android, Marshmallow, released in Sept. on Google Nexus phones, gives users more control over permissions, by having only basic permissions required up front in order to download an app, and putting others on an as-needed basis, so users can deny or allow permissions individually.

What users can't control however, is how the information they grant access to is ultimately put to use -- beyond the functionality of a given app.

A research study published in the Journal of Technology Science Oct. 30 found that Android apps are more likely to share your personal information with third parties than iOS apps for Apple devices -- and that they don't need visible permission requests to do so.

The study found that 73 percent of Android apps share "potentially sensitive data," such as name and email address, with outside entities, while 16 percent of iOS apps do. What's more, Android sends that information to more places: 3.1 third-party sites, versus 2.6 for the average iOS app.

Forty-seven percent of Apple apps, however, hand over location data, including your GPS coordinates, compared with only a third of Android apps.

The most common recipients of sensitive data were Google, Apple and Facebook.

User data plundering by Android and iOS apps is as rampant as you suspected (article in spoiler)

by Dan Goodin - Nov 4, 2015 4:40 pm UTC

http://arstechnica.com/security/2015/11/user-data-plundering-by-android-and-ios-apps-is-as-rampant-as-you-suspected/

Apps in both Google Play and the Apple App Store frequently send users' highly personal information to third parties, often with little or no notice, according to recently published research that studied 110 apps.

The researchers analyzed 55 of the most popular apps from each market and found that a significant percentage of them regularly provided Google, Apple, and other third parties with user e-mail addresses, names, and physical locations. On average, Android apps sent potentially sensitive data to 3.1 third-party domains while the average iOS app sent it to 2.6 third-party domains. In some cases, health apps sent searches including words such as "herpes" and "interferon" to no fewer than five domains with no notification that it was happening.

"The results of this study point out that the current permissions systems on iOS and Android are limited in how comprehensively they inform users about the degree of data sharing that occurs," the authors of the study, titled Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps, wrote. "Apps on Android and iOS today do not need to have permission request notifications for user inputs like PII and behavioral data."

The personal information most commonly transmitted by Android apps was a user's e-mail address, with 73 percent of the apps studied sending that data. In total, 49 percent of Android apps sent users' names, 33 percent transmitted users' current GPS coordinates, 25 percent sent addresses, and 24 percent sent a phone's IMEI or other details. An app from Drugs.com, meanwhile, sent the medical search terms "herpes" and "interferon" to five domains, including doubleclick.net, googlesyndication.com, intellitxt.com, quantserve.com, and scorecardresearch.com, although those domains didn't receive other personal information.

Also concerning were Android apps that sent third parties potentially sensitive combinations of data. Facebook, for example, received users' names and locations from seven of the apps analyzed in the study—American Well, Groupon, Pinterest, RunKeeper, Tango, Text Free, and Timehop. The domain Appboy.com received the data from an app called Glide.

A Google spokeswoman contacted for this post didn't provide any information about safemovedm.com or say why the Android operating system would connect to it. Web searches provided a variety of theories about the purpose of Android connections to the domain.

iOS apps, meanwhile, most often sent third parties a user's current location, with 47 percent of apps analyzed in the study transmitting such data. In total, 18 percent of apps sent names, and 16 percent of apps sent e-mail addresses. The Pinterest app sent names to four third-party domains, including yoz.io.facebook.com, crittercism.com, and flurry.com.

Several of the apps in the study sent other sensitive information. For instance, Period Tracker Lite, an app that tracks menstrual cycles, transmitted symptom inputs such as "insomnia" with apsalar.com, while job-search apps from Indeed.com and Snagajob shared employment-related inputs such as "nurse" and "car mechanic" with four domains, including 207.net, healthcareresource.com, google-analytics.com, and scorecardresearch.com.

One thing app users can do to safeguard their personal information, the researchers suggest, is to supply false data when possible to app requests. The researchers also said that apps can be redesigned to allow users to opt out of data collection and that app stores could more prominently inform users about third parties who may receive their data.

 

[terrible.dee]

I care,

I do not participate in "smart-phone" culture, nor do I upload/post anything of consequence to Facebook (which I check about 5 times a year) not much in my profile but a name and a photo.

I'm sure my data is being mined though sources I'm unaware of, but I still can't figure out why people willingly hand it over. 

 

[FallenCR7A]

I take it into deep consideration, especially if I find a certain permission is not necessary for the app to be functional. I'm sure there's tons of information on my habits just based on the analytics Google would have on me, or Facebook, etc, but I still do as much as I can to limit what information is available/I want available as every piece of info counts.

[Western Red]

The only thing I really care about is my 'friends' receiving spam or adverts.

[elvis15]

I look and think about if an app really needs those permissions to perform its functions. If it does (like with the previous outcry about Messenger when it first came out) then fine, but if it doesn't I won't download it. Even then I go into any app I download and remove any unnecessary security the app asks for (again, like the new Messenger outcry, as I already have the photo sharing disabled).

[Lancaster]

I know that some people freak out when some BB apps ask for some permissions.  Yet nobody seems to complain that that iOS and Google phones usually don't even bother to ask, lol. 

[Green Goblin]

I care,

I do not participate in "smart-phone" culture, nor do I upload/post anything of consequence to Facebook (which I check about 5 times a year) not much in my profile but a name and a photo.

I'm sure my data is being mined though sources I'm unaware of, but I still can't figure out why people willingly hand it over. 

 

Because some don't care.

Anything posted online is vulnerable to pretty much anyone with internet, especially the bigger software companies who are going to look into all your stuff with or without your permission anyways. Facebook is just being cautious by asking for your permission. 

[aGENT]

Depends on the app and depends on the permissions. 

[Offensive Threat]

Most data mining by Google and Facebook is to increase the effectiveness of their advertisers. Targeting etc. I really dont mind that too much but when Youtube is showing me Revlon ads after Ive just watched 20 football videos I have to wonder exactly what the hell is wrong with their system.

 But yeah some apps seem to want permissions they have no business having access to. If I can I will not use those apps.

 

 Data is valuable. My brother works for the BC Ministry of Finance selling intellectual property. Mostly statistics the Gov collects. They collect stats on everything and that stuff sells for big money to a wide range of industries.