Spam phone calls, or “robocalls,” have become a huge nuisance in the last decade. The FCC received 52,000 consumer complaints about caller-ID spoofing alone in 2018. Spam-blocking apps have been touted as a way to protect consumers. But these apps themselves tend to have access to your phone number, your contacts, and even your text messages and voicemails. What would happen if a third-party company gained access to this data?
Privacy policies are a nightmare. Don’t just take my word for it: A New York Times article was titled, “We Read 150 Privacy Policies. They Were an Incomprehensible Disaster.”
Yet they’re also the only way for non-technical mobile app users to know what kind of data they’re giving up, where that data is going, and how it’s being used. If people had greater transparency into what their apps are doing behind the scenes—and whether private information is being sent to third-party companies—they will have the foundation to make informed decisions about which apps to use, and how, and when.
Of course, I couldn’t find the right place to report my findings and ended up filing a claim with customer support for apps violating user privacy. One company was actually nice enough to publish the email for their data protection officer, but the message bounced back when I reached out. After several attempts to contact these companies I only got one vague response back. They said that the matter will be “looked into.”
So here’s my take on this messy field.
Privacy should be by design, not policy, and should consider the user experience. People often click their privacy away by blindly pressing accept. Imagine that right before you install an app, you see a graphic appear that explicitly describes what data is being collected about you, and where it’s being sent. This kind of transparency should be a priority for both app developers and app store reviewers. Is an app’s functionality worth having your personal information compromised? If only you had the option and the information to make an informed decision.
Dan Hastings is a senior security consultant at NCC Group who’s passionate about mobile security and privacy. He has experience in technology education, training, and event facilitation and thrives on travel, education, and using technology as a catalyst for social change.