It’s tin foil hat time! Your smartphone is tracking every step you take! Not really, but a new study from Carnegie Mellon University has discovered that Android apps might collect geolocation data as often as every three minutes.
As Mark James, ESET security specialist, points out that “some apps like navigation need up to the second info when its running but should only require information periodically at other times and normally only to speed up getting location fixes when it needs to know where you are.”Norman M. Sadeh, co-writer of www.welivesecurity.com/2015/03/27/android-apps-track-location-every-three-minutes-says-carnegie-mellon-study/the study, explains that “the frequency by itself is not the problem. Instead it is whether the frequency is justified.”
The difference between “needs to know” and simply wants to know or wants to collect data is a key distinction and one that needs to be addressed.
App users or app makers
During the closing week of the study the researchers began sending the participants ‘privacy nudges’ every time an app requested their location.
Because of this 95% of participants reported they would reassess their app permissions and 58% chose to restrict apps from collecting their personal data.
Personally I don’t allow apps to collect location data unless I specifically request that it refreshes: in the case of a weather app for example.
Generally speaking changing why and how often an app requests location data is as simple as a couple of tick boxes or drop down menus. With that in mind is the problem with app users rather than app makers?
“This is definitely a problem with the app makers. The question asked here is simply does the app need my location data as frequently as requested?
“For devices to show you the latest deals or have an app ready to deliver the best services it does need to know where it is, but every 20 mins seems a little excessive.
“Apps should explain clearly how often it will require a location update and should ideally give you the option to limit or restrict said access.
“Of course that’s not to say the end user will necessarily choose not to use the app or indeed take any notice of what its stating but it will at least make you aware of what it’s doing and enable you to make informed decisions as to whether or not you want to use it.”
“Informed decisions”
Making “informed decisions” is the key. The perception that you ‘need’ an app is fairly commonplace, often regardless of its downsides and the data it might be collecting.
Part of the issue is that the majority of users don’t fully understand the value of what is thought to be mundane and worthless information.
“Absolutely yes, very often the end user does not understand the value of this type of information.
“If you were to assign a human to tag along behind you and emulate what your smartphone apps are doing you would have phoned the police months ago!
“We often see that the need for the app overrules our data security and this most often is down to a lack of knowledge given to us by the app provider.”