Most mobile apps fail on privacy, warns ICO


Most mobile applications are accessing personal information without explaining how that data is used, the Information Commissioner’s Office (ICO) has warned.

Some 85% of apps fail to explain clearly how they are collecting, using and disclosing personal data, according to a survey of more than 1,200 mobile apps by 26 privacy regulators around the world.

The survey was conducted by the Global Privacy Enforcement Network (Gpen), which was set up in 2010 to foster cross-border co-operation among privacy regulators.

As a member of Gpen, the ICO contributed to the survey by examining 50 of the top apps released by UK developers.

The survey also revealed that 59% of the apps left users struggling to find basic privacy information, and almost a third requested an “excessive number of permissions” to access additional personal information.

According to the survey report, 43% of the apps failed to tailor privacy communications to the small screens of mobile devices.

Privacy information in these apps is either provided in text that is too small to read easily or hidden in lengthy privacy policies that require scrolling through multiple pages.

Andersen Cheng, chief executive of SRD Wireless, said privacy in apps is a major issue because apps are increasingly set up to make money from data collection first and offer a service second.

“Essentially, the industry has assumed that you have no control over your own data, but as long as apps are deciding they need access to your life history and full contacts list to work, your personal information can never be safe,” he said.

Cheng said that as the ICO has not revealed which apps failed its test, users should take back control of their own data.

“If an app cannot guarantee that it is only storing the minimum necessary data, and is not sharing that with other apps, it should be shunned for a reputable alternative that can,” he said.

The ICO said the research did find examples of good practice, with some apps providing a basic explanation of how personal information is being used, including links to more detailed information.

Gpen members were also impressed by the use of just-in-time notifications on certain apps that informed users of the potential collection, or use, of personal data as it was about to happen.

The survey report said these approaches make it easier for people to understand how their information is being used and when.

“Apps are becoming central to our lives, so it is important we understand how they work and what they are doing with our information,” said Simon Rice, group manager for technology at the ICO.

“The research results show that many app developers are still failing to provide this information in a way that is clear and understandable to the average consumer,” he said.

The ICO and the other Gpen members plan to contact developers responsible for apps where there is “clear room for improvement” regarding users’ privacy.

They also plan to publish guidance to explain the steps people can take to help protect their information when using mobile apps.

This follows the ICO’s Privacy in Mobile Apps guidance published last year to help app developers in the UK handle people’s information correctly and meet their requirements under the UK Data Protection Act.

The guidance includes advice on informing people how their information will be used.

Research carried out to support the launch of the guidance showed that 49% of app users have decided not to download an app due to privacy concerns, the ICO said.
