You know it. You come to a website for the first time, and immediately a banner appears on the screen that announces: "This website uses cookies 🍪." You quickly click tap on the greenest button to get rid of the notification and continue browsing the web. Problem solved! Or not even?
Well, it doesn't have to be.
Browsing websites, like using some applications, always costs someone something. Therefore, application developers or website operators also expect some counter value. In most cases, that consideration is the data of app users or website visitors.
In this blog article, we'll focus on what data apps usually collect about their users and what it is used for.
The nature of the collected data varies from case to case. Each application should have these things clarified in the Terms and Conditions and Privacy policy (it also includes cookies). In the case of downloaded applications, this information is also found on the platform, e.g., Play Store, Amazon Store, App Store, and the like.
For some applications, it is necessary to obtain data about their users – for example, the application Maps or GPS navigation needs to have access to the current location of your mobile device if you want to get the route from point A to point B at a given moment. However, this is less important for social media.
If users share their location publicly in the application, they expose themselves to threats. For example, people on vacation abroad can share their position by tagging places in photos. They unveil that their house is free. It is an unofficial invitation to flat burglars. IYKWIM. In this case, location sharing has done more harm than good.
Okay. So let's move on from this particular example to our original question.
Source: Unsplash
What data do applications most often collect?
As mentioned earlier, data collection depends on the nature of the application and the developer's intentions. However, the most common is the following data:
👤 Personal data: first name, last name, gender, date of birth, phone number, email address, and language. Sometimes, it can be government data, such as the ID card, driver's license, passport, or biometric data (fingerprints, profile photos, voice identification). In particular, applications providing financial services require this information for verifying persons.
🧭 Geolocation data: as mentioned in the example above, you give apps access to your current location so they can target your current location.
📱 Device data: applications can collect information about the smartphone brand, operating system version, unique device identifiers (IMEI – The International Mobile Equipment Identity, MAC address), or IP address.
📊 Usage and analytics data: this is data related to interaction with the application. It includes, for example, which functions in the application the user uses most often, how long it takes him to act, the date and time of using the application, and so on. It also involves the data that map user preferences and behavior, e.g., in A/B testing, it is determined which design variant users respond to better, or finding out which user interface is easier to understand and leads faster to the desired action (e.g., a quick in-app purchase).
Some app developers also use third-party tools to collect data. That brings into the game another entity that has close access to user data. (Google Analytics, Facebook Analytics, Firebase Analytics, or Flurry Analytics, to name a few.)
When it comes to social media, it can also be private messages, data about our contacts (friends, family, relatives), or files (photos, videos, voice recordings).
But perhaps you are more interested in an even more fundamental thing:
Source: Unsplash
Where does data end up, and how can it be used?
Here we move on to the second part of the article. The best scenario is that the developers use the collected data to improve the app functionalities or fix bugs. That's the best possible thing. After all, who would want to use technology that sucks and is outdated? Further, this information can be used for marketing purposes, that is, to create personalized advertising, user profiling, and optimization of advertising campaigns. It's not a coincidence to encounter the same ad twice within the app after visiting the product's website; it's a marketing technique known as remarketing. Based on such data, marketing teams can target similar audiences, i.e., targeting people who are similar to you (or your data) to gain new customers. However, we are now moving on thin ice.
Some companies are willing to buy the data. (This is the topic for another article.) Merchants often compile a database of customer data, which they may subsequently offer on the data market for further distribution. In this case, there is a question mark whether somebody will use data only for advertising purposes. You may find your ID card for sale on the da*k web. Yes, it happens. Among other things, some application accounts may be exposed to cyber-attacks, primarily those that are widely used and contain a rich source of data. The best example of such applications is social networks. One of the most used applications in the Social Media category, Facebook, is the most frequently attacked by hackers. No wonder. After all, it has more than 2 billion active daily users. That's a goldmine for a bevy of accounts to be hacked.
Source: Statista
If a hacker gains access to the account, he can get access to personal information, contacts, and other data. One example of how they could exploit this information is through blackmailing or phishing attempts on your friends, wherein they may ask for money in your name. It is just one type of crime that can be committed based on the acquired data. Additionally, the fact that some applications rely on an internet connection further increases their vulnerability. And that means that your cyber security is under threat.
Fortunately, Simple Mobile Tools doesn't collect any data about its users. Users can use our apps without internet access and install them, for example, without using Play Store services. They are available open source (GitHub) or via F-Droid without registration. However, it is always good to have an overview of what data users can provide and what might happen to it.
