Mobile privacy: over 7 out of 10 apps collect more data than needed

Up to 74% of the most popular mobile apps collect more data than they should in order to function properly, new research reveals.

This is just one of several disturbing findings collected by experts at NordVPN, perhaps the most famous VPN service on the market, after analyzing the top five apps across 18 categories for both Android and iOS.

Ultimately, this grim picture means that it's a necessity for users to minimize their digital footprint as much as possible.

A license to spy: Android vs iOS

"A significant number of mobile apps that we use daily request access to device functions unrelated to their performance. And most users give the app license to spy without even reading the terms and conditions," said Adrianus Warmenhoven, cybersecurity advisor at NordVPN.

Researchers found, in fact, a staggering number of web applications asking for way more permissions than needed to carry out their intended activities. On average, this happened for every fifth requested permission.

About 42% of all apps appear to collect users' data from other apps and websites, too, and 37% want to record location details despite not being necessary for the app's functionality.

A further 35% seek camera access without any real reason. Researchers found also a considerable number of apps requesting access to the photo gallery (22%) and microphone (16%). Again, these apps can all function without this information.

Researchers recorded a discrepancy between Android and iOS apps' requests, too, with 87% and 60% asking for unrelated requests respectively. However, this "has less to do with privacy protection and more to do with Apple’s digital ecosystem," the research claims. Android seems, in fact, to give users more freedom to customize their privacy while lacking the default built-in protections offered by iOS services. 

Although, out of 103 apps, more iOS (18) than Android apps (16) collected more unnecessary than necessary data.

Web apps have their own issues, of course, and tend to be more or less intrusive depending on their category. On this point, Warmenhoven said: "It's especially important to be more attentive to some categories of apps which are more intrusive, such as social media or messaging apps."

These were, in fact, the most data-hungry services, together with navigation, dating, and health/fitness apps. On average, social networking apps request 10 unnecessary permissions, navigation apps ask for 9, dating for 6, and messaging for 5. Gaming apps were the least greedy for user information, with less than one unnecessary permission on average.

Online tracking levels differed according to users' location, too. East Asia (especially Hong Kong and Taiwan) was a hotspot for demanding apps. Warmenhoven believes this to be related, in part, to a different regulatory environment. 

He added: "But at the same time, these numbers are influenced by the nature of the popular apps studied. East Asian countries are worse in terms of permissions because of the blend of the wide use of social media tools as well as manga and other media apps."

On the whole, apps in Mexico asked for the fewest permissions, while apps in Australia, Canada, the UK, and the Netherlands collected the most personal information on average.

How to limit online tracking

As we've seen, most of the permissions requested by apps aim to spy on your usage rather than facilitate the intended service. Warmenhoven shared some tips that anyone can use to minimize their digital footprint with a couple of clicks. 

• Only use official app stores: downloading apps from unofficial sites increases your risk of using unsafe services (as they can also be modified by criminals later on.)
• Read app policies beforehand: it may sound like a daunting task, but it's important to read the privacy policy and terms & conditions to understand how the app's owner will use customer data. Remember, you can always look for a more privacy-friendly alternative app if anything seems suspicious.
• Customize your data permissions: experts recommend revising the permissions for all of your existing apps and opting out of what's not needed. Pay special attention to crucial data like camera, mic, storage, location, and contact list.
• Limit location permissions: as a rule of thumb, you should share your location data only with apps that need the information to function (like navigating services) and only while using the apps, rather than all the time.
• Delete unused apps: if there are apps you don't use anymore, delete them to minimize the chance that they'll collect your personal data.

Warmenhoven said: "Users should always consider whether the app needs certain data to do its job before tapping ‘Accept,’ because collected data could be used against our interest."