What do your apps want to know about you?

apps overlap

We all like to pretend that we take legal matters seriously, but the reality is that few of us do. Case in point: have you ever actually trawled through all the terms and conditions on any app?

Our apps are watching us, often keeping track of what we do. So without reading thousands of pages of legal mumbo-jumbo, how can you know what data you're signing away and how it will be used?

We were wondering, too, which is why we've been back to look at the data collection policies of some major apps. Here's what they really want to know about us.


Spotify is watching you walk

According to Section 1 of Spotify's Privacy Policy, the streaming service (which counts over 75 million users) will record your "interactions with the Service" – that is, what music you listen to.

No surprises there, although it will also save your interactions with third party services and adverts linked through the service. So if you click on an advert in the app, don't be surprised if you start seeing ads for more of the same sort of thing.

It will also record what search queries you make (Section 3.2). So sorry, yes, there is a log of all of those furtive searches for Nickelback that you were too scared to hit play on. It will also grab what it calls "technical data" – such as cookie data, your IP, details on the device you're listening on and so on.

Perhaps most intriguingly, Section 3.2 also says that Spotify will also collect your motion data from the accelerometer and gyroscope. Why does Spotify want this? Is it secretly tracking our movements? Thankfully the answer is much more benign: It is tracking our movements, but only to enable the app's Running feature, which varies the tempo of your music depending on your pace.

What's interesting though is that a few months ago, Spotify caused a huge controversy when it updated its privacy policy to include permission to access your contacts, photos, location, microphone and social networks.

It now appears that this was a case of the company future proofing its policy – doing the legal work now just in case it wanted to incorporate photo upload (for some reason) in the future. Unfortunately for the company, the change spiraled into a slightly hyperbolic PR nightmare.

In any case, the company has since argued that if its apps ever did want access to any of these features on your phone, you would have to grant permission manually when the feature was implemented. For example, in iOS and Android, if an app wants to access your photos, a box will pop up asking you to explicitly grant permission. So you're still in control.

And finally, there's a section (5.2) in there about how Spotify might share your data with different partners. Aside from the "boilerplate" stuff (court orders, in the event of a sale or merger, etc), it also notes that your data could be shared in a "de-identified" format (pseudoymized) with academic researchers.

Perhaps most surprisingly, if you signed up to Spotify through a special offer with a network or ISP (such as Vodafone), Spotify reserves the right to share data on your Spotify usage with them too (Section 5.2.4).

Conclusion: Only a problem if you're worried about your carrier realizing just how much of their bandwidth you're using listening to Bieber.


Uber wants to know your call and text data

Taxi app Uber is almost constantly in the headlines in London for its battle with the capitals' venerable black cabbies. But should we worry about the data it is collecting about us as well as its impact on the regulated private hire market? The company has published a very detailed privacy policy, so let's have a look.

In essence, like most of the services in this investigation, there's a lot of stuff that has become standard. Uber says that it will collect data on your location, your transactions with the service, the device you're using and the "log information" about your device, web browser and so on.

The key thing to remember with Uber is that there is a difference in the information stored and shared between what Uber, the corporation, gets to see, and what data about you it shares with its drivers, which the company technically sees as private contractors and not employees.

In terms of the former, there have previously been allegations made about a supposed "God view," which is a map view available to people in the company to view all of the Uber vehicles currently on the road (imagine something like the multiplayer map in Grand Theft Auto Online, perhaps).

Arguably, this is necessary for the company to be able to monitor its operations and ensure its services operate smoothly, but there have also been allegations that such maps have been projected on to the wall as decoration in Uber-hosted parties.

So, what exactly does Uber get?

The only two points that might surprise are your contact information – which Uber says (if you choose to grant it) will be used to "facilitate social interactions". In other words, if you choose to split the fare on a ride, it will let help you choose your contacts. It will also collect your call and SMS data – though this is presumably in reference to communications between you and its drivers, so it can see communications between the two of you.

One other piece of data collection which might not be too well known is that not only do you get to rate drivers when you catch a lift, but they get to rate you too. Seriously. So Uber have recorded internal ratings for you as a passenger - and obviously store this data to share with other drivers when you request a lift. You can actually request to see your own rating by contacting Uber support.

In terms of sharing with third parties, Uber's policies are similar to Spotify with the company reserving the right to share data with advertisers. It's Cookie Policy specifically mentions the use of "pixel tags" - these are when a company deliberately embeds a tiny image that enables you to be tracked without needing to be logged in.

When your computer downloads the tiny image it sends to the server information about your browser, device, screen resolution and IP address and so on (the "log" information), which can then be used to see how often you visit a website or app and track your movements. Don't be too worried though, as this is fairly common practice - and one carried out by most of the companies in this piece.

More broadly, Uber has previously got into some hot water about accessing user data after one executive made comments that some people have claimed suggest he might be willing to access the private ride data of a journalist to investigate her private life. Since, Uber has apologized for the comments and has denied that it reflects "company policies or practices". In any case, as a tech journalist writing this can I just say that I think Uber is the best company in the world.

Conclusion: Though Uber's arrangements with its drivers are controversial in other respects, perhaps it does guarantee a legal separation that means the person driving you won't know that much about you.


Snapchat has a memory

Once you've sent a Snapchat and it's been viewed, it's gone forever, right? Maybe, but it doesn't mean that Snapchat head office won't still hold quite a few details relating to it and you.

The company explains that it collects usage information – including data as detailed as which lenses you apply to pictures, as well as metadata surround each message like the day and time. It also collects information on how often you speak to people and when you open messages.

Like everything else, it will also take data on your device itself, including its unique identification number, as well as your browser type, which Wi-Fi network you're connected to, and the aforementioned "log" information such as your IP address.

Perhaps most curiously – and something that has caused controversy – is the claim that the app will log "pages you visited before navigating to our services." This sounds scary – after all, what could Snapchat have seen you looking at?

This is probably a reference to what web developers call "referrers." Whenever you click a link on a normal webpage, the page that you go to will be able to see the page you were on previous. This has been the done thing since the inception of the web and has been incorporated into app design too. So if you follow a "share on Snapchat" link from a webpage, Snapchat will know which webpage you've come from.

But – and this is the big but – if your entry into Snapchat isn't via a referral, the app will still have a record of your browsing history. So just make sure you close anything you don't want anyone knowing about before checking your Snapchats.

And finally, in terms of the service's signature message deletion, the privacy policy notes that messages are normally deleted from Snapchat's servers within 24 hours (so you can use features like Replay), but this can be suspended by requests from law enforcement. So if you're planning your next heist and don't want to get caught – don't do it via Snapchat.

Conclusion: No need to worry about Snapchat staffers seeing your "private" photos, but they'll probably know when you sent them.