
Council Survey on Apps Reveals Excessive Personal Data Collection & Privacy Concerns

  • 2014.03.14

The Consumer Council has taken to task developers of instant messaging apps for excessively collecting personal data of users and for lacking adequate transparency governing the use of such data.

Personal data privacy is a pressing concern for consumers, as apps have become an essential part of mobile phone use.

The Council has conducted a survey of 13 instant messaging apps for Android smartphones, in support of the World Consumer Rights Day (WCRD) 2014, which falls on March 15 every year.

Consumers International (CI) has chosen "Fix Our Phone Rights" as this year's WCRD theme to highlight its concern and to call on mobile phone service providers to provide a better deal for the 7 billion mobile users across the globe.

The CI has drawn up a Consumer Agenda for Fair Mobile Services, which unites consumer rights groups around the world to challenge governments and telecom providers to act on unreliable connections, unfair contracts, and poor customer services.

The Council's survey revealed an astonishing array and number of user "permissions" requested for data collection before a user can download and install an app. The survey found that for the 13 apps, there were in total no fewer than 61 requests for user permissions.

For instance, all 13 apps sought permissions on: full network access; modify or delete the contents of user's memory card; view network connections; read phone status; read phone identity; test access to protected storage; control vibration; prevent phone from sleeping.

12 of the surveyed apps requested permissions on: read user's contacts; take pictures and videos; record audio. Others included: find accounts on the device (11 apps); view Wi-Fi connections (10); receive data from Internet (10); user's location (9) - approximate location (network-based) and precise location (GPS and network-based).

Some of the permissions requested are functionally required for the app's operation, but some are considered grossly excessive, raising concerns that the user's private information may be divulged or that additional charges may be incurred by the user without his or her prior knowledge.

For instance, "full network access" allows the app to read photos and video clips stored in the phone via the Internet, which means the app developer can upload such files to its server.

Even more intrusive are the permissions generally grouped under "social information", such as read user's contacts and read call log, which involve not just your own personal data but also that of the friends and relatives in the contacts on your mobile phone.

Such user's permissions not only involve sensitive information but are, in most cases, unnecessary for the app's main function.

Consumers should also be wary that, once permission to access the phone's camera and microphone is given, sensitive audio-visual material may be recorded without their knowledge if and whenever the app activates the photo/video taking or voice recording function of the phone.

"User's location" allows the app to identify the user's location by the mobile network or the Global Positioning System. It may make localized services available to the user but may also reveal the whereabouts of the user.

The permission "directly call phone number" allows the app to make phone calls, which may result in additional charges to the user, and if the user is roaming it may cost the user additional charges.

Likewise, permissions to send SMS messages to users of another mobile network operator will also incur additional charges payable to the mobile network operator.

Developers of apps are called on to refrain from excessive collection of personal data and information, and to allow consumers the freedom and the right to choose the type of permission to grant in order to access the use of apps.

They are also encouraged to provide barrier-free design for the apps and for the pages containing the terms and conditions and privacy policies, to enhance the understanding of the permission requests by consumers, including those with disabilities.

App selling platforms are urged to vet carefully the apps sold on their platforms, particularly in respect of how well they protect the user's personal information, their level of information security, and whether additional charges may be incurred.

Platform service providers can require app developers to provide clear and detailed information on personal data to be collected and additional charges, if any; and alerts should be shown to the user before download.

Consumers, on the other hand, are advised to exercise caution and to heed the following:

- Read carefully the requested permissions, comments of the users, terms and conditions and privacy policies on the app's webpage before download. If the permissions do not match the app's function, withhold permissions even if it means no access to the app.
- Check out and read carefully any additional or revised permissions before allowing the app to update.
- Set the data connection, Wi-Fi connection, Bluetooth and NFC (Near Field Communication) functions to "off" so that they cannot be triggered automatically and consumers will not incur extra charges or get connected to an unsafe network.
- If you do not wish to be added into groups without your authorization, you should report the situation to the customer service of the app developers and request them to handle it.
- Register your telephone number in OFCA's Do-not-call Register (registration hotline 1835 0000) if you do not wish to receive commercial electronic messages.
- Remove unnecessary apps from time to time.