Do (mobile) apps steal our data?

Who hasn't heard of the Zoom case? The Zoom app has become the most downloaded free application since the beginning of the current health crisis. Nevertheless, many people have pointed out problems related to the collection and management of personal data by this American company and, consequently, to the respect of its users' privacy.

Indeed, Zoom disclosed personal data to Facebook even if the user was not a member of the social network. On 26 March, Vice revealed this data sharing, which only affected users of the iOS application.

So what's the big deal?

This data sharing was not mentioned anywhere in Zoom's privacy policy. Without your consent, Facebook could retrieve information such as the time you opened the application, your smartphone model, the city you were logged in from, and your operator, in order to create your "ad profile", which allows advertisers to send you targeted ads.
This is, of course, contrary to the GDPR: your consent is required for this data sharing!
Following this, the Zoom app was updated on 28 March, but it is up to the user to remain vigilant and set up their profile properly.

Zoom is not an isolated case

Last February, Google Play Store removed 24 apps (offering free VPN services) following a VPNpro report that pointed out some dangerous apps that stole data.

What can you do?

Before downloading

As well as having a device with up-to-date software and a secure connection, make sure you:

  • choose solutions that protect privacy. There is a clue in the nature of the personal data requested, and also in the level of permissions needed for the application to work (e.g. permission to access your contacts and your photos);
  • avoid downloading the application from an unknown website or source;
  • use only those applications in which the publisher clearly indicates how your data is reused (in the application itself or on its website, for example);
  • read user comments (e.g. forum);
  • verify who the publisher is and whether they have implemented critical security measures, such as end-to-end encryption of communications.

When registering for the service

  • Whenever possible, limit the amount of information you provide during registration: use a pseudonym and a dedicated email address, check the privacy options provided when creating the account, etc.;
  • use a different password to those used on other online services;
  • read the General Terms and Conditions (GTC) and other legal notices, in particular the information on the protection of personal data. Indeed, all companies providing a service to European users are obliged to apply the General Data Protection Regulation (GDPR).

During use

  • Take the time to look at the application's settings, especially those regarding your privacy (check, for example, if there are options for downloading your data or limiting the use of certain information);
  • close the application when you are no longer using it;
  • be especially vigilant when minors are using these services;
  • each time you update, check that the terms of use, privacy policy or permissions have not changed;
  • If you no longer use a particular app at all, then remove it completely!

Which app: free or paid version?

The principles listed above apply regardless of the application and its installation conditions. But keep in mind that "nothing in life is free", and that nowadays (personal) data is worth its weight in gold...

This article is part of an information security awareness programme of the BRIC. Other useful reminders and recommendations will follow on a regular basis.