The Pentagon has warned military personnel not to use fitness apps or wearable fitness trackers that collect location data or could otherwise compromise military operations. While the apps are banned, some are difficult to use without having location tracking on – resulting in a de facto ban on military installations and other government facilities.
However, the problem of what apps may share goes much deeper than just one’s location.
According to the findings from a new study conducted by SQL Server Consulting, a lot of personal information is being shared.
“The findings underscore the prevalence of data sharing across different types of applications, raising awareness about privacy concerns among users. The fact that these applications have collectively been downloaded billions of times and are used daily does raise questions as to whether people know just how much of their own, personal data has been unknowingly shared with third parties,” SQL Server Consulting warned.
“These results emphasize the importance of user vigilance and informed decision-making regarding app usage, as well as the need for continued scrutiny and regulation within the digital landscape,” the study’s authors added.
The study from the database firm analyzed the most downloaded apps on the Google Play Store and found that the Picsart AI Photo Editor, which has over a billion downloads, to have the most privacy concerns. It shared to third parties the location, personal information, photos, videos, audio and other files and documents, as well as app activities of users.
The majority of the apps in the top 10 were video game-related – including such popular titles as 8 Ball Pool, Temple Run, and Candy Crush Saga. The report warned that these apps often shared personal information as well as financial information to third parties.
The other potentially-overly invasive apps on the list were Amazon Shopping, which was found to share six different sets of information including financial data, health information, and app activity; and Spotify, noted for sharing location, personal information and Device IDs.
TikTok is on the List
Not surprisingly, TikTok was on the list of most invasive programs on SQL Server Consulting’s list of problematic apps, and the Chinese-owned social messaging app was noted for sharing a plethora of personal information. Despite repeated warnings about the app, TikTok – which has also been downloaded a billion times – remains popular with users in the United States.
Lawmakers have continued to call for an outright ban over concerns that it could share more than just the data related to videos on TikTok. The concerns are that other information on a users’ device could be gathered – while its connection to China has raised enough concerns that TikTok is banned outright on government devices.
Too Much Information
Increasingly many apps require that users agree to share data – with a claim that it is necessary for the app to work properly. However, this should not be taken lightly, cautioned experts.
“It is always a concern when user data is shared,” said technology industry analyst Rob Enderle of the Enderle Group.
“Users have indicated that if that data is used to improve their experience, they mostly don’t care about sharing it but if that data is used against them, as is often the case, then they’ll be upset,” Enderle told ClearanceJobs.
This should also be seen as an issue as more mobile devices are being used for work.
“In a borderless world with the global trend towards flexible and remote work – a wave of privacy and cybersecurity challenges has been triggered,” added Susan Schreiner, senior analyst of technology at C4 Trends. “Personal devices like phones, computers, and tablets, are frequently also used for professional purposes. Despite the convenience of downloading apps, people need to use their business or personal with greater intent. It’s easy to download an app and not know what personal data is being tracked, or even if the app is authentic. Does it contain malware or pose other privacy and security threats?”
Terms of Usage
Users are also all too willing to accept the terms of usage, often without realizing what they are agreeing to, Schreiner told ClearanceJobs.
“Beyond clicking on ‘Accept All,’ the user has choices including denying consent for ‘Advertising and Targeting Cookies,” she continued. Employers and employees need to become better partners to protect each other’s interests and privacy.
“We’re no longer living in a corporate culture where one-size-fits-all,” Schreiner suggested. “As the pace of technological disruption accelerates and new digital playgrounds are continuously emerging – there is a critical need to balance privacy and trust on an everyday, ongoing basis.”
As a result of privacy concerns, there could be good cause not to use the same device for work and play, at least not if it is playing the games that are sharing so much personal information.
“An authorized work only phone makes the most sense when you, as an employer, are concerned about company confidential information getting out,” added Enderle. “And work phones should either be locked against app install or checked regularly and cleaned of apps that might compromise the employee and, if found, the employee should be punished for violating company policy in order to protect that data. Whitelisting, providing a list of approved apps, also works but blacklisting can’t keep up with the massive number of questionable apps being created. A combination of company owned and managed phones, whitelisting, and enforcement of app rules should limit, if not eliminate, this exposure.”
