Over half of all the apps downloaded by privacy regulators as part of an international “sweep” didn’t tell users enough about how their information would be used, according to the Office of the Privacy Commissioner of Canada, which participated in the sweep.
The sweep, conducted in May by the Global Privacy Enforcement Network, saw privacy regulators in 19 countries download over 1,200 apps for evaluation.
Worldwide, almost 60 per cent of the apps raised red flags before they were even downloaded.
Over 30 per cent of all the apps reviewed gave users no privacy information at all.
Things are better when it comes to Canadian-made and popular-in-Canada apps. Of the 151 apps the OPC reviewed as its contribution to the global effort, only 42 per cent raised red flags before download and only 11 per cent had no privacy information at all.
“Fortunately, there were few examples of apps collecting the sort of information that would appear to exceed their functionality—like a flashlight app seeking permission to obtain your contacts list,” Daniel Therrien, Privacy Commissioner of Canada, said in a press release.
“But we did find many apps were requesting permission to access potentially sensitive information, like your location or access to your camera functions, without necessarily explaining why. This left many of our sweepers with a real sense of unease.”
The sweep found that 28 per cent of apps did provide appropriate privacy information—including some of the most popular apps.
“Both large and small app developers are embracing the potential to build user trust by providing clear, easy to read and timely explanations about what information they will collect and how they will use it,” Therrien said.
The OPC gave high marks to Shazam for its “clear explanation” that left OPC staff “with a generally positive feeling about how their personal information would be used.”
Of the apps that were reviewed by the OPC, two were singled out for their failure to communicate how information would be used and why it was being gathered.
Super-Bright LED Flashlight, a popular Android app, “sought permission to access the user’s camera/microphone, device ID/call information and even photos/media/files. Besides the camera flash function, it was not made clear to sweepers why the app would need all that information to operate a flashlight,” the OPC said.
“Sweepers ultimately felt the app’s privacy communications left much to be desired and, given the potentially personal nature of the permissions, they were uncomfortable using the app,” the OPC said.