You may be revealing too much of your data to your apps, survey reveals

Malware DroidJack allows cybercriminals to assume control of Android smartphones without users being aware

A recent survey of the top 100 mobile Android apps from the Google Play Store revealed that these apps have been collecting excessive personal information, potentially breaching Singapore’s Personal Data Protection Act (PDPA).

A joint study by operations compliance and risk management company Straits Interactive and Appknox, a company which provides a tool for security loophole testing, shows that at least half of the apps surveyed gained “excessive permissions” to personal data (58 per cent) and did not provide adequate information to users as to how private information would be used (55 per cent).

“In terms of permissions, many of the apps surveyed require potentially sensitive information such as location information – 70% (compared to 32% global average); 29% request permission to access the camera and 52% to the device ID,” said Straits Interactive in a press release on Wednesday last week.

According to Straits Interactive chief executive officer Kevin Shepherdson, “The findings raise privacy concerns and security risks from organisations deploying mobile applications, especially on the Android platform.”

He also said many app users are “freely giving permissions upon installation” without fully understanding how their personal information will be used.

“As Singapore moves towards its vision of becoming a Smart Nation, companies developing or deploying apps for their customers and users will need to address and strengthen the privacy elements of their apps… They may not realise the privacy implications of their actions and that they may be contravening the Personal Data Protection Act,” said lawyer Ken Chia from Baker & McKenzie.Wong & Leow.

The survey findings have been submitted to the Personal Data Protection Commission of Singapore (PDPC), which was set up in January 2013 to administer and enforce PDPA.

The PDPA recognises individuals’ rights to protect personal data, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.

While there are no penalties for the excessive possession of an app user's personal data under the act, it is an offence if the individual or company makes a false statement to the PDPC.

If an individual is found guilty, he or she will be liable to a fine not exceeding $10,000, or imprisonment no longer than 12 months. In other cases, it will be a fine not exceeding $100,000.