Understanding the Privacy Risks of Popular Smartphone Apps
Smartphone apps have become an integral part of daily life, with millions of users relying on them for everything from social media to online shopping and fitness tracking. However, a recent investigation has revealed that many of these widely used applications request access to personal data in ways that could compromise user privacy.
The study, conducted by consumer advocacy group Which? in collaboration with cybersecurity experts from Hexiosec, analyzed 20 popular apps across different categories, including social media, online shopping, smart home devices, and fitness applications. The findings suggest that all of these apps ask for permissions that may be considered “risky” or unnecessary for their core functions.
Key Findings from the Investigation
Among the apps tested, Xiaomi Home emerged as the one requesting the most permissions—91 in total—with five of those classified as risky. Other notable apps included Samsung Smart Things (82 permissions, eight risky), Facebook (69 permissions, six risky), and WhatsApp (66 permissions, six risky). These numbers highlight how much data these apps can potentially collect, even when it’s not essential for their functionality.
Risky permissions typically include access to a device’s microphone, location, and files. Such data can be valuable for targeted advertising or other purposes, raising concerns about how user information is being used. For example, some apps may use precise location data to deliver more personalized ads, while others might track what other apps are running on a device, which could lead to further data collection.
The Importance of App Permissions
The investigation emphasizes the need for users to be more aware of the permissions they grant when downloading new apps. Many people tend to accept these permissions without fully understanding the implications, often just tapping “agree” to move forward quickly.
Experts recommend taking the following steps to improve app privacy:
- Check privacy information: Review the data collection details provided in the app store listing.
- Read the privacy policy: Look for sections that explain how data is collected and shared.
- Limit or revoke permissions: Adjust settings in your phone’s app permissions to restrict what each app can access.
- Delete unused apps: If you’re unsure about an app, consider deleting it and ensuring all associated account data is removed.
Data Sharing Concerns
Some apps, such as AliExpress and Xiaomi Home, were found to send data to China, including to suspected advertising networks. While this was mentioned in their privacy policies, the practice raises questions about data security and user consent. Similarly, Temu, another Chinese-owned platform, encouraged users to sign up for marketing emails, which could be done without realizing the implications.
For social media platforms like Facebook and TikTok, the number of permissions requested was particularly high. Facebook, for instance, asked for 69 permissions, with six of them deemed risky. TikTok required 41 permissions, including three that allowed access to audio recordings and files on the device.
Additional Privacy Risks
The study also highlighted that 16 out of the 20 apps requested permission to create windows on top of other apps, effectively enabling pop-ups. Seven apps also sought permission to start functioning automatically when the phone is turned on, even if the user hasn’t interacted with them yet. While some of these permissions may have legitimate uses, others were considered unnecessary or unclear.
Industry Responses
In response to the findings, several companies provided statements. Meta, which owns Facebook, WhatsApp, and Instagram, stated that none of its apps run the microphone in the background without user involvement. Samsung emphasized compliance with UK data protection laws, while TikTok highlighted that privacy and security are built into its products.
Strava explained that certain permissions, like access to precise location data, are necessary to provide the services users expect. Amazon noted that permissions are used to enhance features such as product visualization and voice search. Meanwhile, AliExpress claimed that specific permissions are not used in the UK and that it adheres to strict privacy policies.
Final Thoughts
The research underscores the importance of being vigilant about app permissions and the data we share. As smartphone usage continues to grow, so does the need for users to understand the potential risks and take control of their digital privacy. By reviewing app settings, limiting unnecessary permissions, and staying informed, individuals can better protect their personal information in an increasingly data-driven world.
