June 24, 2014
Here’s how most of us protect our own privacy when it comes to new mobile apps: We hear about an app somewhere, we see it has a rating above 3.5 out of 5 stars, we install it, and we tap through whatever permission requests it presents.
That has a certain efficiency. Unfortunately, it’s not the safest approach. App developers don’t always know what they’re doing, and careless or rushed coding may not stand up to entry-level hacking.
If you use an insecure or hacked app on your phone, you could be exposing its personal data — like your address book, location, messages, and so on.
We saw this risk realized two years ago with Path, when a user discovered that the photo-sharing app uploaded entire address books without asking permission first. Last year, Snapchat users learned that their phone numbers had been exposed by sloppy security.
And last week, users of the vacuous app Yo learned that it was wide open to snooping — three college students told TechCrunch that they easily extracted users’ phone numbers and impersonated them on the service.
Maybe you held off on installing all or some of these apps. But can you be sure that the apps already on your phone are that much safer?
Actually, you can’t. But you can at least stop and ask a few reasonably simple questions to see if the people behind each app have the right priorities.
So before you install that next hot app, ask yourself these four things:
1. What do I need to give up to identify myself to this app?
“We don’t want your email, Facebook,” Yo brags in its release notes. Great, you may think: No more annoying usernames and passwords to remember! No worries about this spamming my Facebook friends!
But what Yo does need is your phone number. It’s technically optional, but without it you need to ask individual friends for their Yo usernames, which in turn will require confessing to them that you use Yo.
(On Snapchat and on Secret, in contrast, it is marginally easier to kick the tires without giving up a phone number.)
A phone number is an inconvenient bit of personal data to get leaked onto the Internet, should the carefully crafted defenses of a system slip up. There’s no meaningful junk filtering for most phone numbers, so you don’t want your number getting out. And changing a leaked number is a difficult, prolonged chore.
Having an email address fall prey to a data breach isn’t quite as painful since spam filters have gotten good. And using Facebook or Twitter to sign in to an app won’t expose your password if the app is later hacked. You can also yank the permission an app has to access your social accounts. Here’s how to do it on Facebook and Twitter.
2. Does the app explain why it needs my data?
Path’s original sin was not asking before uploading users’ contact lists so that it could suggest other Path users to new users. Apple ensured that other iOS apps couldn’t blindly get away with that by requiring them to get permission when they ask to peek in your address book.
In Android, apps have always had to ask permission for access to your data when they are installed. But not everybody pays rapt attention to those dialogs.
Both systems, however, leave it to developers to explain why they need to see personal data like your calendar or your location. Some do so in release notes that may not be read; the smarter ones figure out ways to explain as you use the app. See, for instance, this revealing post from the developer of the iOS app Cluster.
The upcoming iOS 8, according to a presentation that Apple may or may not have meant to make public (PDF download), will strongly encourage developers to add brief explanations to each permissions dialog.
3. What’s the business model?
App developers often brag about the investors behind them, but you should ignore that. The amount of stupid money sloshing around the tech industry — Yo has racked up $1 million — makes funding a dubious benchmark of trustworthiness.
You should, however, wonder how an app’s developers will make money. A lot of companies — see, for instance, Secret, Snapchat, and Yo — won’t say upfront. I wish they would be honest and admit that they’ll try to get other companies to pay to use their apps to market to you. It’s an obvious scenario, but it should be stated, because any data you give the app may be used to further its business purposes in the future.
4. How do I delete my account?
There’s only one correct answer to this, and it involves an in-app or online dialog box that includes the words, “Click here to delete my data.” If you have to send an email and wait for a reply, then the app’s developers haven’t thought things through and may have cut other corners in their privacy or security model.
Snapchat, for all of the deserved abuse it’s taken for being lax about security (read the Federal Trade Commission’s notice of its settlement if you want to be horrified), gets this right: You can break up with it using a form at its site. But Secret and Yo both make you email to have an account and the data associated with it wiped. (At Secret, email email@example.com; at Yo, email firstname.lastname@example.org.)
When asked about that by my colleague Alyssa Bereznak, Yo founder Or Arbel’s response was not too convincing. “I think it will be really easy … what we will do … let me think about it. I need to think about it. About how we’re going to do it.”
Some new apps pass these privacy tests. That one doesn’t, and I would not install it until it grows up.
Email Rob at email@example.com; follow him on Twitter at @robpegoraro.