Asia Pacific Daily News - Focus on Asia-Pacific Development, Daily News Express, Scholar Creation Center

Expert: Smartphone apps may obtain 8 types of private data

text

Wherever you are, whatever you do... could all be traced by strangers through smartphone applications!

Office of the Privacy Commissioner for Personal Data (PCPD) issued "Study Report on the Privacy Policy Transparency of Smartphone Applications" on Tuesday. The PCPD in May conducted a study on 60 apps, all of which were found to have access to 1-8 types of private data, whereas only 60% of the apps studied have a data privacy policy statement.

The PCPD selected 60 of the most popular apps in Hong Kong, half Android and half iPhone. Among them, 54 are provided for free.

All the apps investigated have access to 1-8 types of private data, including IMEI number (73%), location information (60%), SMS/MMS stored on the phone (13%) and Call logs and address books (10%).

Henry Chang, Information Technology Advisor of PCPD, says, "although the result shows that only 10% of the apps are reading users' SMS and address books, tens of thousands of apps in the market are still uninvestigated."

He further mentioned about the IMEI number and the account number are unique identifiers, which are linked to other private data, including location information. For instance, if app A with access to your IMEI number and location information, and app B with access to your IMEI number and account number, are developed by one operator, or if the developers of the two apps cooperate, then the information mentioned above may be combined together to work out the users' account number, location, places they have been to, and advertisements they have read. This operation may be used for tracking personal preferences, and even for commercial purpose.

What PCPD also discovered is that out of the 60 apps investigated, 24 of them do not make any privacy statements, and even if the other 36 of them do have a privacy policy, 97% do not state clearly the exact purposes for each type of private data they are obtaining. Furthermore, the majority of their statements are too long and hard to read.

According to Cheung, overseas reports indicate that free apps are more likely to invade privacy that the paid ones. "Otherwise why would they(the app developers) provide free services?"he says.

Cheung advised phone users to switch on the positioning function only when needed. In addition, they should install an anti-theft software. "Anti-theft softwares do not stop the leak of private data, but they can track those data and remind the users to delete the malicious apps from their phones," he explains.

"Some apps are so 'persistent' that even if you delete them, your personal data may be stolen as well. In this case, you may need to clear the data on your phone," he adds.

Lavinia Chang, Deputy Privacy Commissioner for Personal Data, said that the PCPD has sent mails to developers of 10 apps, requiring them to stipulate more specific privacy statements to users. As for the developers of the other 50 apps, suggestions have been given on how they should increase their transparency.