AXEL.org

apps

Do Your Apps Know Too Much About You?

Two years ago something incredible happened.

A simple computer game brought the world together and got gamers out and about into the big wide world. But after the immediate rush of excitement about “catching ‘em all”, users started to realize something a little more sinister about the Pokemon Go app.

As well as letting them throw imaginary Pokeballs in real-life locations, the iOS version of the app was caught accessing almost all of users’ Google account information – everything from emails down to photos.

Two years later, Mark Zuckerberg made a statement about the vague data collection techniques apps were using through Facebook. He was keen to iterate that Facebook does use sound clips from videos recorded directly onto Facebook to serve relevant ads after questions around this became louder and louder.

But his statement wasn’t exhaustive enough in covering what exactly our apps know about us.

This is because of the ambiguous nature of app permissions.

They tend to be oversimplified so as not to overwhelm the user, but below the simple sentences and soothing reassurances they can gather a huge amount of data with every single interaction.

Of course, some data collected is absolutely necessary for the apps to work in the first place. For example, a photo app won’t work if it can’t access your photos, and Uber needs your location information so it can pick you up in the right place – duh.

But once you give apps that need information access to your data, they can start to worm their way under the surface to dig out more and more information about you and your behavior.

Take location access as an example.

Once you give away your location, app makers are then able to use that information to figure out what floor of a high-rise you live on or the places you visit the most.

Why Apps Want Your Data

Data is gold for app makers. With information about their user base, apps can perform all sorts of other actions, like:

  • This is the key activity app makers do with the data they’ve gathered. Knowing everything about you means they can serve up relevant ads and charge advertisers more and more for being so highly targeted.
  • Curated content. This keeps users sticking around for more. If they’re seeing more of what they like, they’re more likely to engage with the content and keep coming back for more.
  • App development. Data can be really useful for knowing what users do and don’t like, which can be used in the future to improve the app or make another app altogether.

A whopping one-third of consumers don’t think advertisers collect data from them.

App Permissions: What Do Your Apps Know About You?

Now you know why your apps might want to scrape together the digital breadcrumbs of you, let’s take a look at what they actually know about you, because it can be easy to jump to conclusions and envision a Big Brother type scenario which often isn’t the case.

Your smartphone is actually packed full of sensors which can decipher your whereabouts, what speed you’re traveling at (including what form of transport you’re traveling on), and which way up you’re using your phone.

But you’re not completely powerless.

This is where app permissions come in, a.k.a. the “barrier” between app makers and the data stored in your phone. When a pop-up shows up on your phone with a permission request, it’s up to you to decide how much data you pour into the hands of the app maker.

However, this is easier said than done, and that’s because very few apps give detailed explanations about what information they’re going to collect and use.

Many app makers do this in the interest of their users; they don’t want to overwhelm them with technical drivel, so they keep it simple. But this means that a lot of users don’t actually know the full extent of what they’ve agreed to.

If you want to know exactly what an app can and can’t see about you, there’s a way.

On an Android device:

  • Open the settings app
  • Go to the Apps & Notifications center
  • Choose an app and click Permissions

On an iOS device:

  • Go to the Settings app
  • Choose an app
  • See the Permissions that are listed

On both kinds of devices, you can usually switch off permissions with a toggle button to pick and choose what data can and can’t be collected (though bear in mind that some apps need certain permissions in order to run).

And, though this is a good starting point to find out what your apps know about you, it doesn’t always give you the full story.

Take the incident with Uber recently, where it was discovered that the app was secretly recording screen activity on iPhones. The company hit back that this was to improve functionality with the Apple Watch app, but it just goes to show that even if you think you know what an app can find out about you, there might be something more sinister going on.

How Are Things Changing When It Comes to Apps and Data?

Phone providers are now cracking down on what app makers can and can’t do when it comes to permissions – particularly location permissions.

When requesting location access, app makers now have to adhere to the “only when using the app” rule, which means they can’t track users when they’re not inside the app.

But while control settings are getting tighter, they’re also getting more and more convoluted. App makers are starting to bundle permission choices together and still aren’t quite there with letting their users know exactly what they’ll be using data for.

Apps that require users to “unlock” a particular permission in order to use the app as it’s supposed to be used are doing so without giving away whether they might share it with marketers and advertisers too.

What it boils down to is this: people have every right to choose what they do and don’t want apps to access, but there’s not much they can do if the app in question needs their location or access to their photos to work as they’re supposed to.

In these instances, it’s up to the user to decide whether they want to continue to use the app or give it up entirely.

And, until app makers get clearer with what they use data for, many users will remain in the dark about what data app companies are collecting about them and what they’re doing with that information.

Read This Before Downloading That New App

Last year, the total number of mobile app downloads worldwide was calculated to be 178.1 billion.

And that number is only expected to go up this year, as more and more apps continue to show up on the market and draw our attention.

In fact, with over 5.8 million apps available to download today, you’ve probably had a lot of conversations about that amazing thing you can do on your phone because of a new app.

But have you discussed the safety of those apps you’ve been downloading, and whether or not the data on your phone is still secure?

“Using Apps Safely” might sound like a boring topic—I mean, come on, who cares about that when they’re busy taking a quiz to find out which Disney princess they are—but it’s extremely important for every user to be aware of and informed about the potential dangers of some of the apps on today’s market.

Every new app should pass certain criteria before being downloaded. And there is a huge reason why.

Read This Before Downloading That New App

Apps Cultivate Data

App safety isn’t exactly a new discussion topic, but it’s one that isn’t always taken seriously. Today’s apps are new and exciting and full of promises. You can do practically anything with one—from important things like locking your front door…

…to really important things like proving you’re a true Game of Thrones fan with a Hodor keyboard (really).

But with every app you use, it cultivates more data.

What’s more, mobile marketing is making a bigger appearance because businesses are fully aware of the monetary potential that apps now carry. And this means that the data we cultivate while using our various apps is becoming more and more desirable.

How much data do we cultivate while using apps?

Think about it: We live with our phones connected to our hands; we communicate with friends and coworkers, we answer emails, we track our health, we calculate our caloric input, we shop for clothes, we keep tabs on our bank accounts… we even let our devices memorize our faces.

Just last year, Statista calculated that app users spent 77% of their valuable time on their three most-frequented apps.

Read This Before Downloading That New App

That’s a lot of time spent on apps, and a lot of data created while using them. For marketers, it means a gold mine of monetary potential.

Read This Before Downloading That New App

Using Apps = Making Money

As we open our various apps, make in-app purchases, and tap on one link after another, some companies are tracking our behavior because it gives them a better picture of who we are and what motivates us to click “buy.”

This is why we have to pay attention to the integrity of every app we download. Some companies are sneaky about the data they collect and how they handle the data that they collect. It’s valuable stuff, and there’s a lot of it, so they’ve figured out an easy way to get what they want without you catching on—which is through their apps.

And that, of course, means our data privacy concerns need to extend into the world of apps.

So if we know the potential danger of downloading an untrustworthy app, then why are so many everyday users careless about which ones they download?

I mean, you wouldn’t let just anybody into your house to rifle through your closet, read your mail, browse through your personal journals, and then use that information to make money, right? So why would you allow an app to essentially do the same thing to the data on your phone?

The answer to that is this: the ease and excitement of downloading a new app far outweigh any potential threats that the app might pose.

Because of this, many of us tap the download button without giving a second thought to the app’s safety and then suffer the consequences of having downloaded a “Trojan” app—one that hides a brutal invasion.

Suddenly, we go from operating our phone to holding a data-laden device in our hands that’s being operated by hackers.

But here’s the good news: you can learn to spot a potentially malicious app before it harms you.

And you can feel more confident about the safety of your apps by checking certain things before tapping that download button. It’s easy to enjoy the benefits of some of those amazing apps out there if we just learn how to perceive whether an app is safe or not.

So, before you download anything new, make sure to run that app past a few safety checkpoints to ensure that it upholds data safety practices.

It’s easy to enjoy the benefits of some of those amazing apps out there if we just learn how to perceive whether an app is safe or not.

Read This Before Downloading That New App

4 Checkpoints An App Should Pass Before Downloading

Imagine it’s a Sunday afternoon, it’s raining, everyone you know is too busy for you, and even your dog doesn’t want to look at you. You’re bored—and you want to download that cool new app and figure out all the incredible stuff it does.

If you’re bored out of your mind, you might be tempted to throw caution to the wind and hit “download” without a second thought.

But before you do that, remember that you like your data better when it’s not being exploited—so take a few minutes and double-check to see if that new app can pass these 4 safety checkpoints.

Checkpoint One: The Integrity of the App’s Marketplace

Where is that app coming from? The best route to take when downloading an app is to start from a reputable market source. Read through their privacy policies and whether or not they hold their developers accountable to their strict policies (for example, here are Apple’s developer guidelines and Google’s policy for developers). Reputable marketplaces will have strict privacy policies and guidelines and have a history of expelling violators.

Checkpoint Two: The Reviews

Read the reviews. Are the ratings high, or at least reasonable? Did any reviewers mention that they downloaded the app and were invaded by malware? Or, does every single review seem positive and fake? Some app developers will hire people to leave fake reviews in order to boost their ratings. Take some time to read through a good mix of the app’s reviews and evaluate whether it seems safe or not.

Checkpoint Three:  The Company

Does the company that created the app seem safe and reputable, or does it seem questionable? Go to the company’s website and read about their history, maybe find out about their team, and see if they are a legitimate company and not some clueless app tinkerer trying to throw bad apps into the mix. Trustworthy companies aren’t going to risk their business by putting out a nasty app.

Checkpoint Four: The Privacy Policy

Before ever allowing an app to take up space on your device, take the time (I know it doesn’t sound fun, but trust me, it’s worth it) to read the company’s privacy policy in order to learn exactly WHAT information they plan on acquiring and HOW they plan to use that information.

A lot of untrustworthy apps have questionable policies that fly under the radar because most people don’t want to bother with taking the time to read through its technical lingo. Don’t let this tactic get you—read through the policy and find out whether that app will be accessing data and selling it to third parties or using it in other ways for monetary gain.

Essentially, any new app you’re checking out should come packaged with a privacy policy that you can trust your data with and that is clear and honest about its intentions.

(In fact, if you want to see an example of a solid policy right now, check out the AXEL privacy policy. We’re kind of proud of it.)

Read This Before Downloading That New App

Happy App-ing

There are plenty of bad apps out there that you will want to avoid, but there are also plenty of really awesome apps out there that might actually transform the way you do things in the best possible way.

It’s up to you to be aware of the benefits and dangers of today’s apps and to assess whether the one you’re about to download will protect your private data or put it at risk.

And remember: although there are some app developers out there who want to hack your data with their invasive app, there are also a large number of trustworthy developers out there who know how to combine innovative tools with strong privacy protection.

So don’t worry—you can have fun and do amazing things on your phone while also protecting your data.

How This Machine Learning App Will Help You Become the Next Picasso

**This is part of our series highlighting startups who share our mission of trying to make people’s lives just a little easier**

“Earth” without “art” is just “eh”, claims the headline on SketchAR’s homepage.

But not everyone’s the next Picasso or Van Gogh. Not everyone can craft a masterpiece like the Mona Lisa – until now. Or, at least, that’s what this new augmented reality app hopes to change.

Augmented reality has become huge over the past few years – we only have to look at the mind-blowing success of the Pokémon Go app that integrated the user’s actual location with graphics from the game itself. The game was so popular that everyone from prime ministers, reporters, and law enforcement officers were all having a go.

Bridging the gap between the real world and the digital one has become a huge trend in the tech industry, with multiple different types of apps and industries venturing into this crossover territory.

Today, AR is helping people do far more than just catch ‘em all. It’s helping them learn how to sketch, which is great news if even your stick figures leave much to be desired, like mine.

How SketchAR Makes an Artist Out of Anyone

The app works by overlaying a virtual image on a real-life piece of paper which shows up on the phone screen. Ideally, users need to get a tripod involved, as it can be difficult to hold the phone over the piece of paper in one hand while sketching with the other.

With a built-in selection of pre-made sketches, users can get started right away on perfecting their drawing skills, or they can upload and convert pictures from their own camera roll and turn them into traceable images.

Then comes the fun bit.

Once the user has chosen which image they want to sketch out from their screen onto a sheet of paper, they need to draw five circles around the edge of the page so the camera can recognize the canvas.

After that, the image aligns with the five circles and displays on the screen, allowing the user to go right ahead and trace, draw, sketch, and be creative.

At the moment, SketchAR can only be used on A4 paper, but there are big plans on the horizon. Soon, larger canvases will be available as well as built-in sensors to detect a physical location so mural artists can get involved as well.

The Future of AR Technology in Apps

AR isn’t a new technology.

In fact, the first AR headset was developed by Ivan Sutherland in 1968 with the term “augmented reality” later coined in 1990.

It wasn’t until 2009 when AR was integrated with the internet that things got really exciting, though.

So exciting, in fact, that the AR and VR market size in 2021 is set to reach $215 billion – a massive increase from the $17.8 billion predicted this year.

While games like Pokémon Go make it easy to believe that AR is only good for entertainment purposes, it’s actually proving to be a huge hit in helping people develop new skills and advance in the workplace.

In a ISACA survey, 64% of US consumers believe that AR enhancements would benefit the workplace, while a further 69% believed that this kind of technology could help them learn new skills.

This is where SketchAR comes into play.

In the past, learning a new skill meant going to an evening class or taking a course. This equated to spending money and having to give up precious time, which probably put a lot of people off.

However, with the birth of AR apps like this, people can learn a new skill from the comfort of their own home whenever they want – it sounds like a win-win situation, right?

Most people would agree.

It could be argued that AR has opened up a new era for computing which goes beyond the limits of a small screen. Maybe in the not-too-distant future we won’t see workers at desktop computers anymore and will instead see them wearing headsets that let them interact with data and information in real-time right before their very eyes.

But on the flipside of this there are – as always – causes for concern. Just like there is with any new technology – especially ones that rely on mixed reality.

Because it is finely attuned to the real-world, AR usually has access to location information of its users. Take Pokémon Go again, which offered up different kinds of Pokémon depending on where the user was. This led to a spate of news reports about robbers who had used the game to lure unsuspecting players to specific spots to steal from them.

And, because AR operates in both the real and the digital worlds, there are concerns about the digital side of things, too.

The ISACA report shows that a large percentage of consumers are very or somewhat concerned that AR enhancements make their devices more vulnerable to privacy breaches.

It seems hard to equate hacking and data breaches with a seemingly harmless app that teaches people how to draw better. But when you think that new technologies like AR need new processes and new systems in order to keep operating at their best, there’s bound to be some pushback from the general public.

Sure, SketchAR may well make an artist out of you yet, but is that all it does?

So far, so good.

If you want a quick and easy way to sketch a picture of your dog for your mom’s birthday, SketchAR might just be the thing you need. But with AR technology advancing by what feels like the day, we’ll be keeping a close eye on what it’s going to help us do in the future.

Because after all, once we’ve mastered the paintbrush like Picasso, what’s next?

Apps That Wreak Havoc On HIPAA

This is the era of multiple devices and millions of apps. Phones, tablets, and smartwatches are filled with apps intended to make our lives easier.  And it seems almost daily we read about how some – or all – of those apps are spying on our lives.

Many people don’t care.  To some extent, I am one of those.  “I don’t do anything so special in life that anyone will want to hack me” is how I feel about most of my internet presence.  I happily share photos of my family, my dogs, and my travels.

But, I do worry about money and health issues; the things that I feel need to be secure.  So when my iPhone asked for access to my health information I was hesitant to share.

The iPhone comes standard with the “Health” app (Fitbit and other devices also take, store, and share health information). In the app, you can enter your health record data and share it with other health related apps on your device.  It can also pull such data from your other apps too.

You can enter vitals, lab test results, and even track your reproductive health – where it asks for everything from your menstruation history, to sexual activity.

Wow.  To say I was surprised to see this information on an app is an understatement.

Maybe I am old fashioned, but I cannot imagine grabbing my iPhone after sex and entering the event in; it’s akin to grabbing a cigarette in the old movies.  And if you did enter it, if you ask Siri about the last time you had sex… would she answer?   I will leave that alone for now.

Is your phone secure?

Naturally, I thought that if my phone wanted to hold my very private health information, it must be secure.  So to play off the old movie reference, it’s For Your Eyes Only.  But the app is not secured by any authentication.  Well, once your phone is unlocked that is.

So, if anyone gains access to your phone, guess what…they would quickly be able to learn your sexual activity, recent blood alcohol content, and anything else you happened to trust your handy-dandy iPhone with.

Of course, if that information is on your phone…. guess who else has it?  Apple, Google, Amazon, or whomever you have your back-up account with.

As I look at my phone, I realize that I have access to all my information but so does Apple.  Certainly the type of information Apple Health is seeking from me is my private health information; HIPAA calls it Protected Health Information (PHI).

Thus, it could be subject to HIPAA regulations. If so it’s safe and secure under federal law.  But, is Apple is an entity that would be subject to the privacy and security rules of HIPAA? Are they a Covered Entity (CE)?  The answer is no.

HIPAA applies to doctors, hospitals, medical insurers, and other health care providers.  They are what’s classified as CEs under HIPAA.  So the people that normally treat you and deal with your medical records and billings have to comply with HIPAA.  But, just having medical records does not create a HIPAA obligation.

Further, other companies which support CE’s can be subject to HIPAA as well – they are the Business Associates (BAs).  An example might be a medical device manufacturer; a hospital’s cleaning service or vendor that supports medical care in some way.

Tech companies aren’t restricted by HIPAA

Apple is none of these things.  So Apple has no requirement of privacy or security over my medical data.  Likewise Fitbit, Sprint, or whoever is similarly NOT restricted by HIPAA.  But they will have all my PHI… which is a scary thought.

As I read more and more about the medical profession and IT, it occurs to me that doctors and patients are using their smartphones to communicate.  And we should ALL encourage more communication.  But what if I use an app to share with my physician?

In that case the data gathered by the physician would likely come under the purview of HIPAA.  But what if the app we are using, itself, is not secure (e.g. the Health App, or simply iMessage)?

Does the doctor need to comply with HIPAA privacy and security standards, even though we all know the data is already compromised by the patient’s method of delivery?  I don’t know the answer to this one.

It would appear similar to a waiver of the attorney-client privilege when the information is shared in the presence of a third party.  But, HIPAA has express provisions for when HIPAA can be waived; not a single word exists about an unintentional waiver.

Thus it would seem that a doctor would have to abide by HIPAA, even knowing that the patient has exposed the very records to others. Certainly you don’t want your doctor to send your records to anyone willy-nilly and have the defense be that you texted them to him/her.  Once the doctor has the PHI, it’s protected.

But I have not seen anyone litigate this question.

HIPAA and the emerging tech world

Do we have HIPAA issues with our new-fangled “wearables”?  The answer is… maybe.  HIPAA does not apply to everyone.  You can give your health records to whomever you want; after all HIPAA was created to protect “you” from unauthorized acts of “others”.

But HIPAA also has clear limiting applications to what they call Covered Entities and Business Associates of those entities.

So you may want to think twice about entering any personal heath data into your new device; it’s not secure as it sits on your device and your cloud provider has no obligations to make it secure.

But if you provide any of that information to your health care provider, they will have an obligation to meet HIPAA’s requirements for privacy and security for the data they receive.