Mobile apps increasingly act as the digital gatekeepers of our daily routine, whether we’re accessing our bank accounts or dating, but can they be trusted?
On Tuesday, Deloitte release its annual privacy index of the top 116 consumer brands operating in Australia across 13 sectors, including social media, retail and insurance. It did not name the companies. For the first time, it added an analysis of those brands’ mobile apps, if they had them, with some worrying results.
The report told an alarming story: apps not asking consumers for permission to access various parts of their phones and apps accessing the microphone function or collecting information before the user has even logged in.
Using the data-monitoring app SpyAware, Deloitte compared the way the apps actually behaved with the permissions it requested from the user before installation from Google Play. The report found 16 percent of the 88 apps surveyed accessed phone information that was not disclosed.
That could include details such as calls made and received, Tommy Viljoenhen, Deloitte national lead partner of Cyber Risk Services, told Mashable Australia.
“We are taking about the most trusted brands, and we found 16 percent of them were accessing information without notification,” he said in a phone call with reporters. “What’s happening with the brands we don’t know about? As consumers, are we even aware of the extent to which information is being collected without our knowledge?”
Consumers may also be surprised to realise just how many apps are accessing their information or their smartphone’s hardware before they log into an app, even if they unwittingly gave it permission by accepting terms and conditions on download. Because, let’s face it, next to no one is reading those in advance.
According to the report, 96 percent of reviewed apps transferred user information in or out of the device prior to login. In addition, of the 6 percent of apps with permission to access the microphone, 33 percent accessed it before the consumer logged in, while of the 40 percent with permission to access the camera, 3 percent also connected before login.
“If apps are going to access information when you’re not logged in, there should be [clearer disclosure] provided to you that that is how the application works,” Viljoenhen said. “That would be better practice in terms of building trust.”
Deloitte did not review iOS apps, choosing to examine Android as the dominant operating system in Australia. Google has been contacted for comment. It hopes to add Apple’s operating system in 2017.
The report also put the privacy strategies of websites under the microscope. Deloitte found that less than 2 percent of brands actively notified consumers when cookies were installed on their devices — technology that can track online behaviour, including which websites are visited.According to the report, the amount of time a cookie is stored on a device is 657 days on average.
This is the second year the report has been issued, and Viljoenhen said Deloitte has seen consumer attitudes to privacy mature in Australia. “Ninety-four percent of consumers rated trust more important than ease of use,” he said. “Communicating how information is used and shared builds trust.”
The report surveyed 1,000 consumers and found that banking and finance was the most trusted industries out of the 13 industries assessed. Retail, media and social media were the least trusted industries.
Customer perception of brand oversight also plays a significant role. “Industries that are far less regulated tend to have lesser perception of trust,” Viljoenhen added. “[There is a] direct correlation between regulation and the trust consumers have in those brands.”
It would definitely be a fate worse than death for most social media companies, but it’s possible government oversight is the recipe for consumer piece of mind.