The quality of the user experience in mobile apps is directly related to the amount of user information entered into them. And now that we are in what is being called the “post-privacy era”, people need to be aware of the pros and cons of entering their information into mobile apps.
Developers are continuously trying to improve mobile apps, which have started to play big parts in our lives. Apps make things more convenient for us, and at times more fun: from apps that help us organize our tasks, to apps that let us see all the latest news at a glance, to apps that allow us to have fun by slicing fruits or killing green pigs.
Trend Micro Researcher Robert McArdle also explained that apps create a better experience for users. He states, “The other big reason for the popularity of apps is their ease of use. Browsing the internet on your mobile phone is not the same experience as doing it on a laptop. In most cases apps are specially crafted browsers for a particular site.”
The amount of user information entered into apps is a known privacy issue, one that was heavily discussed because of the recent Carrier IQ issue. As we mentioned before, the biggest issue with Carrier IQ was informed consent, something that is well taken into consideration with apps, since users must knowingly install an app before it gains access to any information. So for apps, the choice of whether or not to volunteer their information in exchange for certain services is really in the users’ hands.
To help users make such a decision, we’ve listed here 3 truths about applications that users can consider before installing an app and volunteering their personal information:
Sometimes, apps really do require/need user information to function
Apps have become customizable, in that the programs are designed to function based on users’ input. Good examples of these are location-based apps like Shopkick and Foursquare. Such apps were among the top tech trends for 2011, and are expected to boom more in 2012.
For such apps, it is only logical to require user information upon signing up. But of course, the amount of information required should be limited to what is necessary for the app to function properly. Android built its “permissions” model on this concept, and it is something that users should make use of.
There are also times when entering information is not something that the app requires, but is something that enables an enticing feature for the user. For example, some apps tell users to connect their social network account to the app, to be able to share their app activity with their friends. In such cases, users should keep in mind that the more information they put into the app, the bigger the consequence will be should things go wrong. Which brings us to the 2nd truth:
There are risks in entering one’s information into an app
User information is a commodity in today’s threat landscape, so it’s a given that there will be risks when sharing your information practically anywhere, not only in applications. These risks mostly revolve around unauthorized access to user information, so at this point, it is important for users to figure out whether the service they are trying to acquire through the app is worth that risk.
Another thing that users must realize is that the company handling the app they are installing might outsource some part of its service, so it is possible that a third-party company will get access to their information. This is a truth that was learned the hard way through the Epsilon incident, and more recently, Carrier IQ.
Developer reputation is very important
For users, who will get to handle their personal information should be a primary concern. Android, for example, is a very open platform and allows many developers to upload their work to the Android Market, so users need to choose wisely whom they will entrust with their information.
We think that the most important thing that users must realize is that they are ultimately responsible for their information and their devices. Mobile applications do provide great convenience, but at the same time present some risks. These are risks that users don’t fully realize or, at times, choose to ignore. The purpose of Android’s “permissions” model is to inform users about the kind of information apps can access, but these permissions are usually neglected.
Moving forward, Robert advises users to strongly consider the implications of entering information into any app before doing so. “The key thing to remember is think before you give an app access to your data. Does a game really need your social network login details just so it can contact your friends? Would you hand the same credentials over to the developer over email if they just asked for them? If you have any doubts about giving over sensitive information – just don’t do it.”
Users should not keep themselves from enjoying the services provided by applications just because they require user information, but they should be well aware of the risks and be prepared to protect their data should it become necessary. For more tips on how to do this, please check our Mobile Threat Information Hub.