With the sheer amount of apps available today, almost everyone has some form of personal data online. You may not realize it, but your apps may be exposing your privacy. The photos you take, the messages you send, and even your precise location could be collected and sold for profit.
5 types of apps that are bad for your privacy
Don’t get caught unaware. Here’s a quick look at a few common apps that have been found to expose and potentially sell your private information.
1. Glow and other period trackers
Any information that can be traced back to you should be considered sensitive, but potentially invasive information about a person’s menstrual cycle should always be private.
Unfortunately, that’s not the case for period trackers like Glow, which was ousted a few years ago for having privacy settings so weak practically anyone with a computer and a few hours to spare could access and change a person’s email, check a user’s recorded sexual history and other intimate information.
When an investigator from Consumer Reports went public with their findings, the company behind Glow quickly updated their privacy settings and released an updated version of their app.
Regardless of whether the company was aware (or cared) about these vulnerabilities before, it goes to show how little privacy protocols are considered when it comes to marketing an app.
2. Basic utility apps like the Brightest Flashlight
You’d think simple apps with a single function wouldn’t need to access information like your photos, emails, or contacts, but you’d be wrong. The Brightest Flashlight, a popular utility app, settled an FTC lawsuit a few years ago over allegations that it collects a user’s GPS location and unique device identifier, which it then sells to third parties.
Even after this scandal first came to light (pardon the pun), people kept downloading the app, giving the company an easy way to make money while privately soaking up data in the background. Talk about leaving people in the dark.
Pro tip: Most phones have built-in flashlights, making these privacy-sucking apps obsolete.
3. Starbucks and various loyalty apps
While the Starbucks app makes it easier to order your double tall frappuccino with a dash of cinnamon powder without misspelling your name, it was busted for storing highly sensitive information—like your password and email—over HTTP instead of HTTPS, which basically not only leaves your front door unlocked, it leaves it wide open.
To add insult to injury, this careless security measure becomes even more dangerous when you store your credit card information on the app. Imagine using your app to pay for your mocha while someone in the background quietly takes note of your credit card. Scary thought.
4. MeetMe, AffairD, and other dating apps
As if it wasn’t already hard enough to enter your personal information into a dating app, now you have to worry about that sensitive info being collected, analyzed and then sold. Popular dating apps like MeetMe, which requires users to enter their religion, age, ethnicity, sexual orientation and more, creates a secret ID of each user and then sends that information in bulk to data firms—without the user ever knowing or consenting.
AffairD, another dating app, also gives users more than they bargained for. By transmitting highly personal data packets over HTTP, the “no-strings-attached” app leaves a trail for virtually anyone to see. Your name, email, passwords, etc. are open season.
5. Every fitness tracker. Ever.
It’s a strange time when insurance companies start offering discounts for people who buy fitness trackers. At first glance it looks like insurance companies were encouraging customers to take advantage of fitness trackers to become more active—and yes, there’s definitely a correlation between healthier consumers and lower insurance risks—but the real reason they want their customers to track their fitness habits is simple: data.
Numerous tests have shown that nearly every fitness tracker on the market (even the coveted Apple Watch) have at least a few privacy flaws. Popular trackers like FitBit, Vivosmart and the Jawbone not only expose a user’s exact GPS location, they employ weaker security settings that leave your information more vulnerable. While Apple Watch arguably provides the best overall security package, it was found to offer updates through the much less secure HTTP as opposed to HTTPS, leaving your privacy exposed—albeit momentarily. Even still, it’s head and shoulders above other apps regarding privacy.
4 ways to fight back and keep your private things private
A 2016 study looked at mined data from smartphones. For Android users, the most commonly shared data is a person’s email address, where for iPhones it’s a person’s GPS data. Whatever the case, it’s your information that’s being sold and therefore on you to help protect.
1. Keep your VPN on
A quick and easy way to help protect your privacy is to keep your VPN on at all times. A VPN will secure your network, automatically encrypt your traffic through HTTPS, and prevent snoops and third parties from hijacking your system.
2. Check what your apps can access
Not sure which apps have access to your Google account? Head to Google’s security page, scroll down to the ‘Connected Sites & Apps’ link and check which apps have access to your email. From there, you can pick and choose which apps you want to keep and which you want to toss. You might be surprised to which apps have access.
3. Use a fake email account
Additionally, when entering personal information, it may be in your best interest to set up a secondary email account. That way if your information does become compromised, it can never be traced back to you.
4. Update your apps
Finally, make it a habit of updating your apps constantly. In addition to new features and services continually being offered, app updates provide a safer, better experience.
The moral of this story? Never assume a company has your best interests in mind. And just because an app is free doesn’t mean you aren’t paying for it another way.
Conclusion: Look after your privacy as you can’t trust companies to do it for you
Unfortunately, companies are always weighing whether an app’s accessibility is worth sacrificing its privacy over, and in some cases, it takes a total disaster (see: Snapchat) for them to take a moment to address their security flaws.
The good news is that Apple announced they would start requiring apps to use HTTPS by default late last year; a few months later Google followed. While HTTPS is slowly becoming the norm, not all apps follow the rules.
But we’re not out of the privacy dark ages yet. As the saying goes, If an app is free, you’re probably paying for it another way.
Comments
gg team
Thank you for doing the research. I definitely think its expert advice.
Thank you for your very helpful article, which I will follow (although I expect you already know that)! The expression “the price of democracy is eternal vigilance” is probably just as applicable to privacy too.
Just checked which apps are able to access my email account. Good tip to know!