Smart phone, or pocket spy?
Mobile apps are gathering ever more data. Does this pose a risk to personal privacy, and business confidentiality?
Inside the Enterprise: Everyone likes free apps for their phones. That much is a given. But, in reality, we might be far less comfortable with the real price we pay for something that, on the face of it, appears to be free.
There are hundreds, if not thousands, of free programs both on the Apple and Android app stores, covering everything from casual gaming and entertainment to collaboration and productivity. It's quite possible to equip a smartphone or tablet with a powerful suite of business software without paying a single penny, and to rival a laptop for under 50.
As AVG's CEO, JR Smith, pointed out at a privacy debate at this year's Mobile World Congress, it is hardly a choice if the only option presented to a consumer is to consent to data collection, or to not install the app at all.
But some of these apps hide somewhat of a dirty little secret: they are paid for, not with cash, but with your personal data.
Smartphone apps are now coming under a great deal of scrutiny. There's just one reason for this. It's because of the information they collect. Some of that data collection might seem sensible enough: performance information about the software and any bugs, for example. And few users would question it if a navigation application wanted to track their location.
Unfortunately, some apps go much further, collecting large volumes of wide-ranging data. Some of this is highly personal; some of it could become personal if it were combined with other information.
Apple, for example, has been clamping down on applications using an identifying code in each of its devices the UDID due in part to worries about how the UDID is being combined with location and personal data to create a picture of the user that goes far beyond Apple's need to track the performance of its devices.
This type of data collection can lead to "jigsaw identification" of individual phone or tablet users, and their habits. And privacy regulators are increasingly worried that people downloading applications do not really understand the data they are trading in exchange for free software, and that software developers are not giving consumers the chance to make an informed choice.
A survey carried out by the Mobile Entertainment Forum (MEF) and AVG, an IT security vendor, found that only 37 per cent of consumers are comfortable sharing data with applications. And, as AVG's CEO, JR Smith, pointed out at a privacy debate at this year's Mobile World Congress, it is hardly a choice if the only option presented to a consumer is to consent to data collection, or to not install the app at all.
In some cases, app developers are setting out to use data, or user-generated content, to "monetise" their software such as in the recent controversy over photo-sharing app Instagram.
In other cases, app developers are simply trying to future-proof their software by trying to gather information that might be useful for new versions. It is easier, they argue, to ask for catch-all permissions now than to go back to the user and ask again.
On a personal level, the privacy worries this raises are understandable. For businesses, though, apps' data gathering policies need even greater scrutiny. If an app collects location information and knows when a salesperson uses CRM, to take one example, it could work out where a firm's customers are. Worse still, it could track their staff and what they're up to.
Until the smartphone software industry is clearer about the data it collects, and why, businesses should at the very least read those T&Cs before they click "install".
Stephen Pritchard is a contributing editor at IT Pro.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now